Re: [HACKERS] RADIUS authentication

2010-01-25 Thread KaiGai Kohei
(2010/01/26 6:30), Magnus Hagander wrote: > 2010/1/25 KaiGai Kohei: >> (2010/01/24 23:29), Magnus Hagander wrote: >>> There is one more option here - use OpenSSL if available. It has >>> functions for secure random number generations >>> (http://www.openssl.org/docs/crypto/RAND_bytes.html). That s

Re: [HACKERS] RADIUS authentication

2010-01-25 Thread Magnus Hagander
2010/1/25 KaiGai Kohei : > (2010/01/24 23:29), Magnus Hagander wrote: >> There is one more option here - use OpenSSL if available. It has >> functions for secure random number generations >> (http://www.openssl.org/docs/crypto/RAND_bytes.html).  That seems easy >> enough when OpenSSL is available.

Re: [HACKERS] RADIUS authentication

2010-01-24 Thread KaiGai Kohei
(2010/01/24 23:29), Magnus Hagander wrote: > 2010/1/20 KaiGai Kohei: >> (2010/01/20 0:19), Magnus Hagander wrote: * I think this comment is right. + for (i = 0; iv

Re: [HACKERS] RADIUS authentication

2010-01-24 Thread Magnus Hagander
2010/1/24 Magnus Hagander : > 2010/1/20 KaiGai Kohei : >> As Tom pointed out, it is fundamentally same. >> The matter is this random() invocation is the first time after >> initialization of random seed by srandom(). It means an external observer >> can estimate the random value uniquely using pid

Re: [HACKERS] RADIUS authentication

2010-01-24 Thread Magnus Hagander
2010/1/20 KaiGai Kohei : > (2010/01/20 0:19), Magnus Hagander wrote: >>> * I think this comment is right. >>>   +   for (i = 0; i<  RADIUS_VECTOR_LENGTH; i++) >>>   +       /* XXX: Generate a more secure random string? */ >>>   +       packet->vector[i] = random() % 255; >>> >>>   The random seed i
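
Review bot: in the loop that fills packet->vector, `random() % 255` can only produce 0 through 254, so the byte value 255 never appears in the vector; if random() stays, reduce with `% 256` or mask with 0xFF instead. The XXX comment in the same hunk flags the larger problem: random() is not a cryptographically secure generator, and per the discussion its seed derives from the backend pid and start time, so the vector should be filled from a secure source such as OpenSSL's RAND_bytes where that is available.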

Re: [HACKERS] RADIUS authentication

2010-01-19 Thread KaiGai Kohei
(2010/01/20 0:19), Magnus Hagander wrote: > 2010/1/18 KaiGai Kohei: >> (2010/01/10 22:25), Magnus Hagander wrote: >>> The attached patch implements RADIUS authentication (RFC2865-compatible). >>> >>> The main usecase for me in this is the ability to use (token based) >>> one-time-password systems e

Re: [HACKERS] RADIUS authentication

2010-01-19 Thread Tom Lane
Magnus Hagander writes: > 2010/1/18 KaiGai Kohei : >>  The random seed is initialized at BackendRun() with MyProcPid and >>  the time of backend process launched. >>  Then, PostgresMain() -> InitPostgres() -> PerformAuthentication() >>  will be called, and this random() shall be the first call jus

Re: [HACKERS] RADIUS authentication

2010-01-19 Thread Magnus Hagander
2010/1/18 KaiGai Kohei : > (2010/01/10 22:25), Magnus Hagander wrote: >> The attached patch implements RADIUS authentication (RFC2865-compatible). >> >> The main usecase for me in this is the ability to use (token based) >> one-time-password systems easily with PostgreSQL. These systems almost >> a

Re: [HACKERS] RADIUS authentication

2010-01-18 Thread KaiGai Kohei
(2010/01/10 22:25), Magnus Hagander wrote: > The attached patch implements RADIUS authentication (RFC2865-compatible). > > The main usecase for me in this is the ability to use (token based) > one-time-password systems easily with PostgreSQL. These systems almost > always support RADIUS, and the i

Re: [HACKERS] RADIUS authentication

2010-01-10 Thread Stephen Frost
Magnus, * Magnus Hagander (mag...@hagander.net) wrote: > The attached patch implements RADIUS authentication (RFC2865-compatible). Great! We have a few environments which use RADIUS auth, nice that PG might be able to use that auth method in the future. I'm not a fan of having the shared secr

Re: [HACKERS] RADIUS authentication

2010-01-10 Thread Magnus Hagander
On Sun, Jan 10, 2010 at 18:55, Peter Eisentraut wrote: > On sön, 2010-01-10 at 14:25 +0100, Magnus Hagander wrote: >> The attached patch implements RADIUS authentication (RFC2865-compatible). >> >> The main usecase for me in this is the ability to use (token based) >> one-time-password systems eas

Re: [HACKERS] RADIUS authentication

2010-01-10 Thread Peter Eisentraut
On sön, 2010-01-10 at 14:25 +0100, Magnus Hagander wrote: > The attached patch implements RADIUS authentication (RFC2865-compatible). > > The main usecase for me in this is the ability to use (token based) > one-time-password systems easily with PostgreSQL. These systems almost > always support RA

[HACKERS] RADIUS authentication

2010-01-10 Thread Magnus Hagander
The attached patch implements RADIUS authentication (RFC2865-compatible). The main usecase for me in this is the ability to use (token based) one-time-password systems easily with PostgreSQL. These systems almost always support RADIUS, and the implementation is fairly simple. RADIUS can of course