Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Internet access and telco usage patterns

  • From: Barry James
  • Date: Mon Jul 08 16:21:37 1996

On Sat, 6 Jul 1996, Eric Woodward wrote:

> I looked at this doing this about a year ago but the major stumbling block 
> was that if ISPs share the authentication responsibility using distributed
> RADIUS, they have the capability of keeping each other's passwords for the
> user's that used the global access service.

This has changed slightly, now.  We are able to use the "realm" concept 
and have the end-user travel to, say, ISP-B (with which end-user's ISP 
has reciprocity) and given that his login is joeblow, then he could login 
as: joeblow@isp-a and the TS would then relay to the default RADIUS 
server at which point that RADIUS server would ensure it had reciprocity 
with the "ISP-A" realm and then forward that authentication request onto 
ISP-A's RADIUS server.  After being authenticated, the TS would then 
issue an IP and accounting would be sent off to the appropriate ISP(s).
So, the only "secrets" that are shared are the md5 digest keys used 
between the RADIUS server and TS.

Barry

Barry James		| Mikrotec Internet Services, Inc (AS3801)
Sr Internet Engineer	| 1001 Winchester Rd
bjames@mis.net		| Lexington KY 40505
http://www.mis.net/	| 606/225.1488

- - - - - - - - - - - - - - - - -




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.