Actually, that is more of a Kerberos system that you are thinking of. Here is some info on radius:
Taken from rfc 2865 Remote Authentication Dial In User Service (RADIUS). "Key features of RADIUS are: Client/Server Model A Network Access Server (NAS) operates as a client of RADIUS. The client is responsible for passing user information to designated RADIUS servers, and then acting on the response which is returned. RADIUS servers are responsible for receiving user connection requests, authenticating the user, and then returning all configuration information necessary for the client to deliver service to the user. A RADIUS server can act as a proxy client to other RADIUS servers or other kinds of authentication servers. Network Security Transactions between the client and RADIUS server are authenticated through the use of a shared secret, which is never sent over the network. In addition, any user passwords are sent encrypted between the client and RADIUS server, to eliminate the possibility that someone snooping on an unsecure network could determine a user's password." Basically there is a encryption by using the shared secret, however that secret is never passed across the network. The only tough problem here is that you really need to know what is coming in each packet. There is encryption is each packet that must be dealt with. To do authentication with radius you need to create sockets and communication back and forth with the NAS server. This can be some what more complex and you need a more powerful language than php. I use c and sometimes c++. I like to use php for the snmp functionality that allows me to query the radius mibs on network devices. This gives me authentication and accounting information. I suggest you read up on these rfcs: 2618, 2619, 2620, 2621, 2865, 2866, 2867, 2869, and 3162. You could also try writing a radius extension for php? Thank you, Ray Hunter Firmware Engineer ENTERASYS NETWORKS > -----Original Message----- > From: Benji Spencer [mailto:[EMAIL PROTECTED]] > Sent: Thursday, March 28, 2002 7:07 AM > To: [EMAIL PROTECTED] > Subject: RE: [PHP] RADIUS - supported in PHP? > > > > >What are you trying to do with radius and php? > > I really don't know yet. We are looking at implementing RADIUS as a > authentication scheme. I only roughly understand RADIUS, > which doesn't help > much. I looked at the RADUIS Apache module, which is where I > am gaining > most of my knowledge. It appears to function much like any other > authentication scheme (at least to some extent) like LDAP or using a > database (or NT Domain...or...or). As Apache can > authentication against > RADIUS, I assumed that such a thing could also be achieved via PHP. > > Currently we have an Intranet Portal which authenticates > against LDAP. We > would want to change this over to RADIUS if we implemented > RADIUS. How this > is done, If it can be done, and what does it take are all > questions which > are up in the air at this point. > > From my understanding, RADIUS is more or less a ticketing > mechanism. It is > configured on the back end to check various sources (files, > SQL, LDAP), and > then provides a ticket if authentication is passed. It is > this ticked which > is passed around by the client and used to authenticate to the same > resource, as well as other resources (if you have a valid > ticket, you are > not asked for username/password info?). > > How close am I in understanding this, as well as making this > all work in PHP? > > thanks.. > > benji > > --- > Ben Spencer > Web Support > [EMAIL PROTECTED] > x 2288 > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php >