6 Secure Linux Wi-Fi Authentication Servers
By Eric Geier (NoWiresSecurity Founder & CEO) - originally published on LinuxPlanet
Here we'll take a look at six
different open and free Remote Authentication Dial In User Service
(RADIUS) servers available for Linux (and other platforms). You'll
find something that will work for you, whether you're supporting
dial-up or VPN users, offering 802.1X for Wi-Fi security, or running
VoIP. All your Authentication, Authorization, and Accounting (AAA)
needs can be met on a Linux server.
FreeRADIUS
The FreeRADIUS project was founded in June of 1999 by Miquel van
Smoorenburg and Alan DeKok. It's freely available via the GNU General
Public License, Version 2 (GPLv2) for running on Linux, other
Unix-like systems, and even Windows. Since the first stable release
in 2001 there have been feature improvements and bug fixes released
every couple of months. There is extensive community support via
documentation, a Wiki, mailing lists, and tutorials throughout the
Internet. Commercial support is also available from consulting firms
like Network RADIUS.
FreeRADIUS claims to be the world's most popular RADIUS Server. They
estimate their server is responsible for authenticating hundreds of
millions of users daily across over 50,000 sites. They claim their
server provides the AAA needs of many Fortune-500 companies and
ISPs.
In addition to the actual RADIUS server, FreeRADIUS includes a BSD
licensed client library, a PAM library, an Apache module, and other
administrative tools. FreeRADIUS includes most features of other
servers, plus supports EAP for 802.1X authentication for Wi-Fi
security. Binary packages are downloadable for numerous platforms,
and the source code is always available. Settings are defined in text
configuration files, which are well commented and documented.
GNU Radius
GNU Radius was started under the GNU project and had its first
public releases in 2002. It's freely available via the GNU General
Public License, Version 3 (GPLv3) and runs on Unix-like systems. The
latest release was in December of 2008. For support there are
mailing lists, an online reference manual, and a printed manual
available for purchase.
GNU Radius supports a wide variety of authentication schemes,
including system database, internal database, SQL database and PAM
authentication. It includes some basic administration tools in
addition to the server. GNU Radius is configurable via text
configuration files, similarly to FreeRADIUS.
OpenRADIUS
The OpenRADIUS project released its first public version in 2001,
and the latest in 2007. It's freely available and licensed under the
GNU General Public License, Version 2 (GPLv2) and can run on
Unix-like systems. Support includes online documentation and a
mailing list. Commercial support and custom development are also
available.
OpenRADIUS offers a versatile backend interface which can get shared
secrets, authentication information, policies and user profiles from
any available external data source. It supports Unix password
databases, Livingston-style ASCII files, and LDAP directories out of
the box. Flexibility is provided with a built-in expression
language. The powerful dictionary can be made to support all types
of vendor-specific attributes. The OpenRADIUS settings are defined
in just two configuration files.
BSDRadius
BSDRadius is a RADIUS server written in Python, targeted for use in
Voice over IP (VoIP) applications. The main sponsor of the project
is Data Tech Labs. Their first public release was in 2006 and the
latest in 2007. It's freely available via the BSD license for BSD
systems, Linux, and other platforms. For support, you'll find online
documentation and a mailing list.
The BSDRadius server is streamlined for use with the common VoIP
protocols (SIP and H.323) and authentication methods (CHAP and
Digest), rather than supporting the whole range of networking
protocols and authentication methods. This optimization reduces the
processing overhead and code size of the server. It can handle the high
volume of AAA requests, large databases, and timely responses
required by VoIP.
IBS
IBS is an accounting and billing solution for ISPs with an
integrated RADIUS server that supports prepaid VoIP, dial-up, and
LAN services. It's freely available with the GNU General Public
License (GPL) and can run on Unix-like systems. The first public
release was in 2003, and the latest in 2008. The server is written
in Python and the web interface in PHP4. For support, there's an
online manual and discussion forum.
The IBS server supports LAN accounting using the PPTP protocol,
prepaid VoIP with interactive voice response (IVR) on the Cisco and
Quintum platforms, and traffic shaping for LAN clients. It also
features an integrated mail system and an Apache authentication
module. For optimum performance, IBS implements a thread pool, event
scheduler, and a database connection pool. IBS works with products
from Cisco, Portmasters, Multiport, and Quintum Tenor.
Radiance
Radiance is a small project headed by Iagu Networks. Since the
RADIUS server is written in Perl, it's highly portable. It can run on
most POSIX systems, such as Unix, Linux, Mac OS X, and BeOS. For
support there's a small online document.