2012-03-14 - Re: [GRASE-Hotspot] Grase and challenge

Header Data

From: Tim White <ti***8@gmail.com>
Message Hash: f5622790b533fa08c4417bcef0393bfb731eb88a83a23b245f4bc9e2e36b3106
Message ID: <4F60774A.3010407@gmail.com>
Reply To: <7FDC8D2F0A404BD491E1B0B7681B8E8D@gmail.com>
UTC Datetime: 2012-03-14 03:47:38 UTC
Raw Date: Wed, 14 Mar 2012 20:47:38 +1000

Raw message 

HI Mercier

On 14/03/12 20:18, Mercier Valentin wrote:
> Hi,
>
> I'm very interested about Grase but I have some questions before using 
> it.
> First I want to install the freeradius server in an other place and 
> make the authentication through a VPN, is that possible ?
It is possible, but not supported currently. The reason being is you 
then need to MySQL database there too, and it starts to get a bit more 
complicated. If you are doing this, you need to modify the files in 
/etc/grase/ to point to the database on the other server so that the 
admin interface and the user interfaces can access it, as they access it 
directly and not through radius.
What's you reason for wanting to do it like this?
>
> And then I want to use the access-challenge with chap with freeradius 
> not the simple authentication method that Grase use.
> And I want the client to calculate the response of the chap challenge, 
> is that possible too ?
Grase already does this (the javascript based login does chap challenge 
response). It falls back to a less secure method if javascript is 
disabled, that still does CHAP but uses PHP scripts to do the challenge 
and response. So what I could do, is add an option so it doesn't 
fallback to the less secure method ever, but then users without 
javascript won't be able to login. Currently the non-javascript login 
warns the user about it being less secure.

>
> Thanks in advance for your response, and sorry about my bad english.

No problem. Hope that answers your questions.

Tim

Thread