Plugins:RADIUS

From pGina

Jump to: navigation, search

About

The RADIUS plugin for pGina provides RADIUS authentication and (optionally) RADIUS accounting support. 


  Latest Version (x86): 0.3
  Latest Version (x64): 0.3

     Configuration GUI: Yes
Includes Documentation: Yes

            Written By: Holger Weiss (holger@zedat.fu-berlin.de)
      Contributions By: Kostas Kalevras (kkalev@noc.ntua.gr)
             Home Page: http://www.jhweiss.de/software/radius.html


Download

Latest Version: pGina-1.8.8

Architecture Version Release Date
32 Bit RADIUSplugin-0.3 03-29-2010 Release Notes
64 Bit RADIUSplugin-0.3 03-13-2005 Release Notes
64 Bit RADIUSplugin-0.2.1 03-13-2005 Release Notes


Changelog

v0.3

Release Date: Mon Mar 29 13:45:40 MEST 2010 

Contributed by Holger Weiss:
* Add AMD64 support.
* Make the number of connection retries configurable.
* Check whether the server responds with a modified User-Name attribute.
  In that case, use the modified user name for accounting requests; and,
  if the registry key "modify_username" is set to a true value, for
  logging in.
* Fix the value of the NAS-Identifier attribute: If the host name of the
  Windows client cannot be resolved to an IP address, the plugin tries
  to set the NAS-Identifier instead of the NAS-IP-Address; this failed
  since release 0.2, that is, the NAS-Identifier was filled with
  garbage.
* Various minor fixes and enhancements.

Contributed by Kostas Kalevras:
* Add support for the Message-Authenticator attribute.

v0.2.1

Release Date: Sun Mar 13 18:01:33 MET 2005 

Contributed by Holger Weiss:
* Use seperate variables for the "radius" and "radacct" ports in the
  radius_server_t structure instead of trying to adjust the port for
  accounting requests on the fly. This fixes a bug introduced in 0.2,
  where the port for accounting requests wasn't set correctly. Thanks
  to Ioan Caltun for reporting the bug.

v0.2

Release Date: Fri Mar 4 03:40:00 MET 2005 

Contributed by Kostas Kalevras:
* Add more sanity checks on the incoming RADIUS packets. This should
  eliminate a few security threats in the previous version.
* Add functions for changing attribute values (length should be the same
  for now).
* Add functions for reading attribute values instead of using the
  attribute structure elements (nice OO abstraction).
* Make maximum attribute value length 253 (as it should be).
* Add UserLogon attribute support and the corresponding dictionary:

     * UserLogon-HomeDir:              User home directory
     * UserLogon-Type:                 In our case, Windows-Logon
     * UserLogon-Restriction:          Determine if the user is anonymous, or admin
     * UserLogon-GroupNames:           User Groups
     * UserLogon-DriveNames:           Drives to map
     * UserLogon-UserDescription:      User Description
     * UserLogon-UserFullName:         User Full Name
     * UserLogon-UserProfile:          The default user profile to use
     * UserLogon-UserDomain:           The Domain to use for the user

* Add anonymous user support.
* Move a few attributes to the build_radius_packet() function so that
  they always get sent.
* Add support for Vendor Specific attributes.
* Update the random vector calculator to be more random.
* Calculate session-time in a more nice way.
* Support the Class attribute.
* Move a few static variables to a request_t structure and remember
  that.
* Allow the administrator to specify the NAS-IP-Address to be sent in
  requests.
* Support the Session-Timeout attribute.

Contributed by Holger Weiss:
* If multiple IPs are returned for a given server hostname, choose one
  of them randomly (instead of simply using the first one).
* Save a copy of the radius_server_t structure which was used for
  authentication and remember it in order to reuse the server data for
  accounting (instead of repeatedly reading the configuration from the
  registry and repeatedly resolving the server hostname).
* Make the select() timeout configurable.
* Make the local port the RADIUS plugin bind()s to configurable.
* Make the Service-Type attribute values configurable seperately for
  authentication and accounting requests; but make this a "hidden
  feature", as using different values for authentication and accounting
  is a rather uncommon setup. The value set via the configuration
  dialog will be saved to the registry as "service_type" and used for
  both authentication and accounting as long as "service_type_acct"
  (which would be used for accounting) isn't set manually.
* Update the configuration dialog to support the new options.
* Update documentation with all new features.

v0.1

Release Date: Tue Jan 27 17:20:00 MET 2004 

* Initial release
Retrieved from "http://www.pgina.org/index.php/Plugins:RADIUS"
Personal tools