On Thu, 28 Feb 2002 13:53:49 -0500 "Tabor J. Wells" <[EMAIL PROTECTED]> wrote:
> On Thu, Feb 28, 2002 at 11:49:16AM -0500,
> Alan DeKok <[EMAIL PROTECTED]> is thought to have said:
>
> > Ted Frohling <[EMAIL PROTECTED]> wrote:
> > > I'm new to ldap and radius, so perhaps this has already been done, but
> > > I don't see anything in the radius docs about using LDAPS. From
> > > what I can see, I have to roll my own implementation of using secure ldap.
> >
> > 'start_tls' is an ldap configuration entry to get encryption on the
> > ldap connection.
>
> Yes but I believe that just allows FR to perform opportunistic encryption
> via TLS. I think what Ted is looking for is support for LDAP over SSL on
> port 636 which AFAIK isn't possible currently.

Thanks,

Yes, I was not particularly clear on which security method I needed. It is
indeed SSL. I started digging into the code and came to the same conclusion
that right now it's not ready to do this. We're weighing the cost of
development and the cost of purchasing a commercial radius server that has
the capability built in. Right now we are evaluating the Steel-Belted Radius
Server. If we decide to start hacking, we will certainly give those patches
back to the freeradius project.

ted

>
> Tabor
>
> --
> --------------------------------------------------------------------
> Tabor J. Wells [EMAIL PROTECTED]
> Fsck It! Just another victim of the ambient morality
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Ted Frohling (TF30-ARIN) The University of Arizona
520.621.4834 Security Incident Response Team CCIT Room 126
[EMAIL PROTECTED] CCIT - Network Operations PO Box 210073
www.Telcom.Arizona.EDU/tsf Tucson, AZ 85721-0073
