RE: Integrating OPENSSL with RADIUS

Tue, 16 Dec 2003 10:00:58 -0800 

Thanks!

    .arun
> There may not be an easy way.
> 
> If you are using client authentication (rather enforcing it) you can extract
> identity of client from peer certificate on the server side. You can do this
> during certificate verification by specifying a callback to the verification
> process, or do it cleanly after connection establishment.
> 
> But only having identity of client in the certificate wont help you much in
> authentication with radius. Any information beyond the identity would be
> unsafe in the certificate.
> 
> /Gaurav
> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 15, 2003 2:35 PM
> To: [EMAIL PROTECTED]
> Subject: Integrating OPENSSL with RADIUS
> 
> 
> All,
> 
> I have questions on integrating OPENSSL with RADIUS
> for authentication (in the future, TACACS+).
> 
> Right now, I have little authentication and I am using an older
> version of OPENSSL (0.9.6G).
> 
> My questions are: Where are the hooks in the SSL-server code

> to interrupt the normal response to the SSL-client to accomodate
> RADIUS server interaction?
> Also, what are the timeouts that I must manage so that I can
> accomodate this additional delay in getting back to the
> ssl-client caused by the presence of this RADIUS step?
> 
> I would appreciate any and all advice on RADIUS interaction and 
> pointers to the places in the SSL code that I must go to, 
> to insert my hooks for authentication via RADIUS.
> 
> I have a similar question with SSH but that I will ask on the 
> SSH list.
> 
> Thank you in advance for the help provided.
> 
>     Arun Mahajan
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org

> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to