Am 22.02.11 07:56, schrieb Kiss Attila - Elastoffice:
Hello,
Just wondering, is possible to authenticate SOGo with a Radius server?
Does anyone tried?
If not there is some API where we could do it and share with SOGo
community?
Authentication against RADIUS is not very difficult and even with
Objective C there are plenty of libraries to choose from - but RADIUS
IMHO does not have the needed attributes to make things fly. You need a
unique user id, a mail address, a real name (cn). RADIUS normally is
used for network topologies, so you can store IP addresses or pools,
ACLs to be set, user classes, PEAP authentication modules (with their
apppropriate password algorithms). It's perfect if you only want a login
(so you have user name checked against radius) or if you want to
configure your switch to talk 802.1x (to prevent people with their
private notebooks to get access to your corporate network).
You would have to define a new dictionary for your radius server
including all the attributes SOGo needs for a user login.
My advice would be to instruct your IDM (identity manager, I am quite
sure you don't feed your radius manually) to do a feed/provisioning also
to an LDAP server (or SQL table) to use with SOGo.
Just my $0.02,
Pascal
--
Pascal Gienger Jabber/XMPP/Mail: [email protected]
University of Konstanz, IT Services Department ("Rechenzentrum")
Electronic Communications and Web Services
Building V, Room V404, Phone +49 7531 88 5048, Fax +49 7531 88 3739
--
[email protected]
https://inverse.ca/sogo/lists
