RADEAPSRP:
freeradius & pppd patches to support EAP/SRP-SHA1
Why EAP/SRP-SHA1?
There are two authentication protocols known to me that have the following properties:
1. Password based
2. Hard to crack - security depends mostly on password strength.
3. Clear text password has to be kept on client side only
4. Supported by radius
5. Supported by pppd
These protocols are EAP/TTLS and EAP/SRP-SHA1.
EAP/TTLS is supported by freeradius and various wireless APs and supplicants. Server-side patches for pppd are also available. Unfortunately, the only free client-side implementation for pppd known to me is SecureW2, which runs on Windows only.
EAP/SRP-SHA1 is as good as EAP/TTLS: it has server-side pppd patches, and the client-side pppd implementation is also free and has been included in pppd for several years, but EAP/SRP-SHA1 was not supported by freeradius. It was easier to write an eap-type freeradius module than to integrate an EAP/TTLS client into pppd :)
What you'll find here:
freeradius-1.1.7-srp.tar.bz2
- just what it says - freeradius-1.1.7 with two modules added: rlm_eap_srp-sha1 and rlm_srp_files. They are documented in doc/rlm_eap_srp_sha1 and doc/rlm_srp_files respectively.
freeradius-1.1.7-srp.patch.bz2
- same as above but just the patch to vanilla freeradius-1.1.7.
radeapsrp.tar.bz2
- Test radius EAP/SRP-SHA1 client with a command-line interface. It was written to debug the server-side code.
freeradius-client-snapshot-20071022-srp.tar.bz2
- freeradius client library - required to compile radeapsrp. It has some minor patches introduced to support MESSAGE-AUTHENTICATOR and other things EAP/SRP requires.
freeradius-client-snapshot-20071022-srp.patch.bz2
- same as above in patch form.
ppp-heiart.tar.bz2
- pppd patched by Michael Heiart to support EAP/TLS auth against a radius server. It is trivial to extend this for other EAP types. Kindly provided by Michael Heiart.
ppp-heiart-despace-stripnum.tar.bz2
- same as above but EAP/TTLS and EAP/SRP are already added. It also has some other commands: strip the phone number from the username (in the form XXX...XX:name where XXX is the number), remove spaces from the username etc.
srp-2.1.2.tar.gz
- SRP package from srp.stanford.edu
- it is required to compile all of the above and is placed here just for convenience.
WARNING!
This code is extremely alpha!
It is of "works for me" quality - it is not tested under heavy loads etc. etc.
What's more "interesting" - it seems to me that due to changes in the SRP library this is actually SRP-SHA256 :)))
I didn't bother to check, since both client and server run the same library and it is perfectly compatible with itself :)