[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openikev2-users
Subject:    [openikev2-users] EAP-SIM and backend AAA server authentication
From:       alejandro_perez () dif ! um ! es (Alejandro =?ISO-8859-1?Q?P=E9rez_M=E9ndez?=)
Date:       2006-12-06 16:36:33
Message-ID: 1165419542.4563.23.camel () isabel
[Download RAW message or body]

Hi Frankie,

see inline, please

> Hi Guys,
> 
>  
> 
> I have been installing and trying out a number of open source IKEv2
> implementations which have included strongSwam and racoon2 and
> recently I have just stumbled across yours, which compared to the
> others looks pretty good and well documented. However, while playing
> with these I realise that my requirements may not be met yet by any
> open source implementations. Thus before I proceed to download yours
> and try it out I was wondering whether you could answer a couple of
> questions for me about your implementation.
> 
>  
> 
>       * At present you mention that you support EAP authentication and
>         more specifically the MD5 Challenge sequence. Do you have nay
>         plans to support EAP-SIM?

The main part of OpenIKEv2 is not the "openikev2" daemon, but the
libopenikev2 library. libopenikev2_impl & openikev2 are examples of what
libopenikev2 can do.

libopenikev2 defines a set of pure virtual functions (or callbacks)
allowing to perform any kind of EAP authentication. In libopenikev2_impl
we provide an experimental and non standard MD5 Challenge implementation
as an example for libopenikev2 users.

We provide the IKEv2 EAP transport, but the libopenikev2 users should
provide the concrete EAP authentication implementation.

Thus, we haven't any plans to support EAP-SIM, sorry :(

>       * If so would this include EAP-SIM authentication via a backend
>         AAA server (e.g. freeRADIUS, since this supports EAP-SIM)?

This is a really interesting point. We are planning to support EAP
authentication via backend AAA server (using OpenDiameter) acting as a
EAP pass-thorough authenticator, so all the EAP methods supported by
OpenDiameter would be supported.

>       * Any idea of time frames, if you plan to support this?

We expected that in about 3 or 4 months we will have a fully functional
version supporting a backend AAA server (with OpenDiameter).

Best regards,
Alejandro


[prev in list] [next in list] [prev in thread] [next in thread]