Re: SKEY, Radius, and the PortMaster

Curt Sampson (curt@portal.ca)
Fri, 9 Aug 1996 09:16:10 -0700 (PDT)

On Thu, 8 Aug 1996 mark_flanagan@pc.radian.com wrote:

> Does anyone out there have any information on integrating SKEY,
> Radius, and a PortMaster? How about just SKEY and Radius? IMHO SKEY
> is a great way to authenticate users for dial-in access.

It's dead easy to do in Merit Radius. You can add your own
`authentication vectors' into the server that do whatever you like
to verify a password. Starting with no knowledge of the server
whatsoever, I added a new flat-file authentication scheme in about
four hours, and I'm no great whiz of a programmer. I should think
that the S/KEY stuff shouldn't be much more difficult to do, since
full source code for it is available in some of the free Unix
systems (I know it's in NetBSD: www.netbsd.org).

The only real problem is that you won't be able to display the
user's current S/KEY sequence number, which means that he'll have
to remember which one he last used. This is annoying, but not
crippling. Adding the ability to do this would require an extension
to the Radius protocol, I think, because I don't recall any way of
sending an authentication packet, receiving back a challenge which
is displayed to the user, and then sending back the answer to that
challenge. Although, come to think of it, isn't something like this
necessary for CHAP? I don't have my Radius spec. handy, unfortunately.

cjs

Curt Sampson curt@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.
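
Added example, not part of the original message and not Merit Radius or NetBSD code: a sketch of the server-side check an S/KEY-style authentication routine performs, showing why the user needs the current sequence number. Assumptions: SHA-256 truncated to 64 bits stands in for S/KEY's own hash, so this is not interoperable with real S/KEY calculators; the function names, record layout, seed and passphrase are constructed for illustration.

```python
import hashlib
import hmac

def step(x: bytes) -> bytes:
    # One link of the hash chain (stand-in hash, 64-bit output; an assumption).
    return hashlib.sha256(x).digest()[:8]

def otp(passphrase: str, seed: str, n: int) -> bytes:
    # One-time password for sequence number n: initial hash plus n more steps.
    x = step((seed.lower() + passphrase).encode())
    for _ in range(n):
        x = step(x)
    return x

def enroll(passphrase: str, seed: str, count: int) -> dict:
    # The server keeps only the seed, the sequence number and the last OTP,
    # never the passphrase. This dict plays the role of a flat-file record.
    return {"seed": seed, "seq": count, "last": otp(passphrase, seed, count)}

def challenge(entry: dict) -> str:
    # What a terminal login would display; the message above notes that the
    # dial-in path has no obvious way to show this to the user.
    return f"s/key {entry['seq'] - 1} {entry['seed']}"

def verify(entry: dict, response: bytes) -> bool:
    if entry["seq"] <= 0:
        return False  # chain exhausted, user must be re-enrolled
    # Hashing the response once must give the stored OTP.
    if not hmac.compare_digest(step(response), entry["last"]):
        return False
    entry["last"] = response  # the accepted OTP becomes the new reference
    entry["seq"] -= 1
    return True

if __name__ == "__main__":
    secret, seed = "constructed passphrase", "ke1234"  # constructed sample values
    rec = enroll(secret, seed, 99)
    print(challenge(rec))                           # s/key 98 ke1234
    good = otp(secret, seed, 98)
    print("first use :", verify(rec, good))         # accepted
    print("replay    :", verify(rec, good))         # rejected, already used
    # User lost count and answers for 96 while the server expects 97:
    print("wrong seq :", verify(rec, otp(secret, seed, 96)))
    print("right seq :", verify(rec, otp(secret, seed, 97)))
```

A response computed for any sequence number other than the one the server expects fails the single-step comparison, which is why the user has to track the number when no challenge is displayed.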