[strongSwan] xauth_radius plugin with Challenge/Response support

Martin Willi martin at strongswan.org
Mon Jul 29 11:54:57 CEST 2013


Hi Gerald,

> I have implement a xauth_radius plugin which is able to do xauth
> authentication against a radiusserver, without using eap. 

Thanks for the patches.

Today I've merged a first version of the xauth-radius backend to the
master branch. I've used a slightly different approach by integrating
the xauth-radius backend directly into the eap-radius plugin. This
avoids duplicating a lot of code, and allows us to reuse all the RADIUS
goodies we already have, such as Accounting or assignment of virtual IPs
and other attributes.

Support for Access-Challenges is still missing. There are some other
changes in the pipeline though, such as multiple XAuth rounds [1], for
example to authenticate with Password and HOTP/TOTP. These won't make it
into 5.1.0, I'd like to avoid larger changes as the release is coming
soon. 

Best Regards
Martin

[1]http://git.strongswan.org/?p=strongswan.git;a=shortlog;h=refs/heads/xauth-radius-multi






More information about the Users mailing list