[ale] Authentication for network access

Dan Newcombe Newcombe at mordor.clayton.edu
Thu Nov 30 16:43:55 EST 2000


On Thu, 30 Nov 2000, Luis wrote:
> I'm not sure if PPPoE would fit your needs either, as it uses PAP through 
> a radius server which then allows network access. But yes, there is software 
> for Win2k and Mac OS. All that software does is allow them to authenticate 
> through PAP (Password Authentication Protocol).

That would probably work.  What we are aiming for is knowing who had what
IP at what time.  Going through a radius server would give us a who, and
then I assume like PPP (IPCP) it gives an IP address.  Tie those together
and we're good.
 
> But what you're asking is probably dealing more with implementation of an 
> authentication scheme, rather than access. There's PAP, CHAP, ACAP which 
> are different methods of authentication, and I'm sure tons more but I'm not 
> an expert on the subject.

It's a combination...if they don't authenticate themselves, they don't get
access to the network.  

> With DHCP, you could have a pool of IPs which are only given out when 
> access is needed. But same thing, with DHCP, it can also implement PAP and 
> CHAP.

Huh?  DHCP and PAP/CHAP?  I don't think DHCP does anything with those, but
you can prove me wrong.

> But any way you go, more than likely, your authentication will be handled 
> by the server, not the client.

Of course - it just becomes a matter of "do they authenticate and get an
IP address, like PPP" or "do they authenticate to get routing enabled for
their address"
 
> Authentication doesn't have much to do with the NICs unless you manually 
> record the MAC addresses, and allow network access that way.

However, like I said above, if we have recorded the NICs, then we know
who they are and when a NIC gets an IP address, we will have a log of that
and know who had that address.

Another idea I just had:
	DHCP server running with a list of valid NICs.  If the NIC is not
in there, they get an address which only allows them to get to a server to
say who they are (got that covered) and enter their NIC.  The NIC is added
to the DHCP server config file, and when they reboot, they get a routable
IP.  Only thing that worries me is SIGHUP'ing the DHCP server over and
over.
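
The "who had what IP at what time" lookup discussed in this message, as an added example that is not part of the original post: it joins a NIC registration table with lease events and handles releases, renewals and unregistered NICs. The log format, addresses and user names are constructed for illustration and do not match any particular DHCP server's log.

```python
from datetime import datetime, timedelta

# Constructed registration table: MAC address -> user who registered the NIC.
REGISTERED = {"00:10:5a:aa:bb:01": "alice", "00:10:5a:aa:bb:02": "bob"}

# Constructed lease events in a simplified format (assumption, not a real log):
# "<ISO timestamp> <ACK|RELEASE> <ip> <mac> [lease seconds]"
LEASE_LOG = """\
2000-11-30T09:00:00 ACK 10.0.0.5 00:10:5A:AA:BB:01 3600
2000-11-30T09:30:00 RELEASE 10.0.0.5 00:10:5a:aa:bb:01
2000-11-30T09:45:00 ACK 10.0.0.5 00:10:5a:aa:bb:02 3600
2000-11-30T10:40:00 ACK 10.0.0.5 00:10:5a:aa:bb:02 3600
2000-11-30T10:00:00 ACK 10.0.0.9 00:10:5a:cc:dd:99 600
"""

def build_intervals(log_text):
    """Turn lease events into holdings: {"ip", "mac", "start", "end"}."""
    # ISO timestamps sort correctly as strings, so out-of-order lines are fine.
    events = sorted(l.split() for l in log_text.splitlines() if l.strip())
    intervals, current = [], {}          # current: ip -> latest holding
    for ts, kind, ip, mac, *rest in events:
        when, mac = datetime.fromisoformat(ts), mac.lower()
        cur = current.get(ip)
        if kind == "ACK":
            expires = when + timedelta(seconds=int(rest[0]))
            if cur and cur["mac"] == mac and when <= cur["end"]:
                cur["end"] = expires     # renewal extends the same holding
            else:
                if cur and cur["end"] > when:
                    cur["end"] = when    # address reassigned before expiry
                cur = {"ip": ip, "mac": mac, "start": when, "end": expires}
                intervals.append(cur)
                current[ip] = cur
        elif kind == "RELEASE" and cur and cur["mac"] == mac:
            cur["end"] = min(cur["end"], when)
    return intervals

def who_had(ip, when_iso, log_text=LEASE_LOG, registry=REGISTERED):
    """Return the registered user holding ip at when_iso, or None."""
    when = datetime.fromisoformat(when_iso)
    for iv in build_intervals(log_text):
        if iv["ip"] == ip and iv["start"] <= when < iv["end"]:
            # A NIC that was never registered is reported by its MAC.
            return registry.get(iv["mac"], "unregistered:" + iv["mac"])
    return None

if __name__ == "__main__":
    print(who_had("10.0.0.5", "2000-11-30T11:00:00"))
```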

