[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Radius authentication and client configuration

To: "pcalhoun@eng.sun.com" <Patrice.Calhoun@Eng.Sun.Com>
Subject: Re: Radius authentication and client configuration
From: Shawn Mamros <smamros@BayNetworks.COM>
Date: Thu, 16 Apr 1998 18:39:13 -0400
CC: Vipul Gupta <vgupta@nobel.Eng.Sun.COM>, gab@Eng.Sun.Com, ipsec@tis.com, periera@TimeStep.com, rgm-sec@htt-consult.com
References: <Roam.SIMCSD.2.0.4.892764436.9201.pcalhoun@hsmpka>
Sender: owner-ipsec@ex.tis.com

> Agreed. I threw out the eap-isakmp draft in order to make the list aware of
> it. As for Roy's intent to tie it in with existing token/smart cards I would
> not recommend this. The problem that we are currently faced with is that it
> requires vendors to include proprietary code from token/smart card vendors and
> ties them into a single solution. EAP will provide vendors with the ability to
> support ANY token/smart cards that support EAP.

One does not necessarily need proprietary code from the token/smart card
vendors to make extended authentication work.  As long as the token/smart
card vendor provides a RADIUS, or EAP, or whatever front-end, one can
write a matching back-end to make it work with the ISAKMP implementation.
I know of at least one proof-by-existance...  (One can argue whether or
not such a solution is ideal from a security standpoint, but it does work.)

-Shawn Mamros
E-mail to: smamros@BayNetworks.com

References:

Re: Radius authentication and client configuration

From: "pcalhoun@eng.sun.com" <Patrice.Calhoun@Eng.Sun.Com>

Prev by Date: Re: Weak keys
Next by Date: RE: Radius authentication and client configuration
Prev by thread: Re: Radius authentication and client configuration
Next by thread: RE: Radius authentication and client configuration
Index(es):
- Main
- Thread