2012-03-14 - Re: [GRASE-Hotspot] Grase and challenge

Header Data

From: Mercier Valentin <me***v@gmail.com>
Message Hash: fdc8c45aadb05c2362d7afb2b080d48fe4adf5f1a62e40943005b48a6c38808f
Message ID: <83798BD85B754C619882A35B65738726@gmail.com>
Reply To: <4F60774A.3010407@gmail.com>
UTC Datetime: 2012-03-14 05:09:58 UTC
Raw Date: Wed, 14 Mar 2012 13:09:58 +0100

Raw message

First thanks for the answer,  
> It is possible, but not supported currently. The reason being is you  
> then need to MySQL database there too, and it starts to get a bit more  
> complicated. If you are doing this, you need to modify the files in  
> /etc/grase/ to point to the database on the other server so that the  
> admin interface and the user interfaces can access it, as they access it  
> directly and not through radius.
> What's your reason for wanting to do it like this?  
Great, I think I can modify the files to do this, but do you know if, when we install Grase, the installer installs MySQL too?
I want to do that because I'm gonna install Grase in different places but I want a centralization of the users.  
> Grase already does this (the javascript based login does chap challenge  
> response). It falls back to a less secure method if javascript is  
> disabled, that still does CHAP but uses PHP scripts to do the challenge  
> and response. So what I could do, is add an option so it doesn't  
> fallback to the less secure method ever, but then users without  
> javascript won't be able to login. Currently the non-javascript login  
> warns the user about it being less secure.
Hmm, OK, so if I change the javascript I can prompt the chap challenge to the users, right?

Another question (sorry about that), do you think a user can login but in an anonymous way, I mean I want my user to enter his name and then an account is created but without password, but with the chap challenge-response system?

thanks again
Mercier Valentin

On Wednesday, 14 March 2012 at 11:47, Tim White wrote:

> Hi Mercier
> On 14/03/12 20:18, Mercier Valentin wrote:
> > Hi,
> >  
> > I'm very interested in Grase but I have some questions before using  
> > it.
> > First I want to install the freeradius server in another place and  
> > make the authentication through a VPN, is that possible?
> It is possible, but not supported currently. The reason being is you  
> then need to MySQL database there too, and it starts to get a bit more  
> complicated. If you are doing this, you need to modify the files in  
> /etc/grase/ to point to the database on the other server so that the  
> admin interface and the user interfaces can access it, as they access it  
> directly and not through radius.
> What's your reason for wanting to do it like this?
> >  
> > And then I want to use the access-challenge with chap with freeradius  
> > not the simple authentication method that Grase uses.
> > And I want the client to calculate the response of the chap challenge,  
> > is that possible too?
> Grase already does this (the javascript based login does chap challenge  
> response). It falls back to a less secure method if javascript is  
> disabled, that still does CHAP but uses PHP scripts to do the challenge  
> and response. So what I could do, is add an option so it doesn't  
> fallback to the less secure method ever, but then users without  
> javascript won't be able to login. Currently the non-javascript login  
> warns the user about it being less secure.
> >  
> > Thanks in advance for your response, and sorry about my bad English.
> No problem. Hope that answers your questions.
> Tim
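
The client-side challenge-response login discussed in this thread, as an added example that is not part of the original messages and is not GRASE's code: a generic RFC 1994 CHAP exchange in JavaScript (Node.js), with the client computing the response so the password itself is never sent. All function names and the sample user and password are assumptions made for the illustration.

```javascript
// Added illustration of RFC 1994 CHAP; names are hypothetical, not GRASE's code.
const crypto = typeof require === 'function'
  ? require('crypto')
  : process.getBuiltinModule('crypto'); // also loads when run as an ES module

// CHAP response = MD5(identifier || secret || challenge), per RFC 1994.
function chapResponse(id, password, challenge) {
  return crypto.createHash('md5')
    .update(Buffer.from([id & 0xff]))
    .update(Buffer.from(password, 'utf8'))
    .update(challenge)
    .digest();
}

// Server side: issue a fresh, unpredictable challenge for each login attempt.
function issueChallenge() {
  return { id: crypto.randomInt(0, 256), challenge: crypto.randomBytes(16) };
}

// Client side (the JavaScript login): only the response goes on the wire.
function clientLogin(username, password, offer) {
  const response = chapResponse(offer.id, password, offer.challenge);
  return { username, id: offer.id, response: response.toString('hex') };
}

// Server side: recompute from the stored secret and compare in constant time.
// A challenge is accepted once, so a captured response cannot be replayed.
function verifyLogin(msg, offer, storedPassword, usedChallenges) {
  const key = offer.challenge.toString('hex');
  if (usedChallenges.has(key) || msg.id !== offer.id) return false;
  usedChallenges.add(key);
  const expected = chapResponse(offer.id, storedPassword, offer.challenge);
  const got = Buffer.from(msg.response, 'hex');
  return got.length === expected.length && crypto.timingSafeEqual(got, expected);
}

// Constructed sample exchange: one valid login, then a replay of the same message.
function demo() {
  const used = new Set();
  const offer = issueChallenge();
  const msg = clientLogin('alice', 'correct horse', offer);
  const first = verifyLogin(msg, offer, 'correct horse', used);
  const replay = verifyLogin(msg, offer, 'correct horse', used);
  const leaked = JSON.stringify(msg).includes('correct horse');
  return { first, replay, leaked };
}
```

The server still needs the password in a form it can feed into the hash, which is why CHAP cannot be verified against a one-way password hash.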
