On 04/03/2011 04:07 PM, Tiberiu Breana wrote:
Hello. I'm doing my thesis project on advanced authentication techniques. I want to use freeRADIUS to implement extensions regarding one or more of the following:
I don't want to sound like I'm being discouraging, but none of those are "advanced" IMO.
1)Location-based authentication
See RFC 5580
2)Prepay codes for timed access
This is either just "normal" authentication, or at most token-card auth (e.g. EAP-GTC). Or do you mean something else?
3)QoS parameters (allocate network resources according to the user's services)
This is usually just extra attributes in the Access-Accept, or using CoA packets to update mid-sessions.
Do you think these extensions are 'doable' for a beginner?
None of these seem very hard. They probably don't need new modules - you could probably write the policies needed in "unlang".
What are the major steps in implementing a new module? From what I've understood so far, I have to create a .c file and add some attributes to the dictionary. Is implementing new message types difficult? (does the finite-state machine need to be modified?)
Implementing new radius message types is an error. Don't do that. Lots and lots of experienced people e.g. equipment vendors get RADIUS wrong; there's little chance you'll avoid those mistakes.
Any advice/information/tips are greatly welcome. Thanks!
Don't be offended but: I'd spend some time actually looking at what FreeRADIUS can do, and reading the RFCs for radius-related authentication methods. The server comes with a list of applicable RFCs.
HTH, Phil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
