ÔÚ Linux ÉϹ¹½¨Ò»¸ö RADIUS ·þÎñÆ÷

×÷ΪһÃûÍøÂç¹ÜÀíÔ±£¬ÄúÐèҪΪÄúËùÐè¹ÜÀíµÄÿ¸öÍøÂçÉ豸´æ·ÅÓÃÓÚ¹ÜÀíµÄÓû§ÐÅÏ¢¡£µ«ÊÇÍøÂçÉ豸ͨ³£Ö»Ö§³ÖÓÐÏÞµÄÓû§¹ÜÀí¹¦ÄÜ¡£Ñ§Ï°ÈçºÎʹÓà Linux™ ÉϵÄÒ»¸öÍⲿ RADIUS ·þÎñÆ÷À´ÑéÖ¤Óû§£¬¾ßÌåÀ´ËµÊÇͨ¹ýÒ»¸ö LDAP ·þÎñÆ÷½øÐÐÑéÖ¤£¬¿ÉÒÔ¼¯ÖзÅÖô洢ÔÚ LDAP ·þÎñÆ÷Éϲ¢ÇÒÓÉ RADIUS ·þÎñÆ÷½øÐÐÑéÖ¤µÄÓû§ÐÅÏ¢£¬´Ó¶ø¼È¿ÉÒÔ¼õÉÙÓû§¹ÜÀíÉϵĹÜÀí¿ªÏú£¬ÓÖ¿ÉÒÔʹԶ³ÌµÇ¼¹ý³Ì¸ü¼Ó°²È«¡£
Êý¾Ý°²È«×÷ΪÏÖ´úϵͳÖÐÍøÂ簲ȫµÄÒ»²¿·Ö£¬Óëϵͳ°²È«Ò»ÑùµÄÖØÒª£¬ËùÒÔ±£»¤Êý¾Ý —— È·±£Ìṩ»úÃÜÐÔ¡¢ÍêÕûÐԺͿÉÓÃÐÔ —— ¶Ô¹ÜÀíÔ±À´ËµÖÁ¹ØÖØÒª¡£
ÔÚ±¾ÎÄÖУ¬ÎÒ½«Ì¸µ½Êý¾Ý°²È«ÐԵĻúÃÜÐÔ·½Ã棺ȷ±£Êܱ£»¤µÄÊý¾ÝÖ»Äܱ»ÊÚȨÓû§»òϵͳ·ÃÎÊ¡£Äú½«Ñ§Ï°ÈçºÎÔÚ Linux ϵͳÉϽ¨Á¢ºÍÅäÖÃÒ»¸ö Remote Authentication Dial-In User Service ·þÎñÆ÷£¨RADIUS£©£¬ÒÔÖ´ÐжÔÓû§µÄÑéÖ¤¡¢ÊÚȨºÍ¼ÇÕÊ£¨AAA£©¡£
¸÷×é³ÉÔªËؽéÉÜ
Ê×ÏÈÈÃÎÒÃÇ̸һ̸ RADIUS ЭÒé¡¢AAA ×é¼þÒÔ¼°ËüÃÇÈçºÎ¹¤×÷£¬ÁíÍ⻹ÓÐ LDAP ЭÒé¡£
Remote Authentication Dial-In User Service ЭÒéÊÇÔÚ IETF µÄ RFC 2865 Öж¨ÒåµÄ£¨Çë²ÎÔÄ ²Î¿¼×ÊÁÏ »ñµÃÏà¹ØÁ´½Ó£©¡£ËüÔÊÐíÍøÂç·ÃÎÊ·þÎñÆ÷£¨NAS£©Ö´ÐжÔÓû§µÄÑéÖ¤¡¢ÊÚȨºÍ¼ÇÕÊ¡£RADIUS ÊÇ»ùÓÚ UDP µÄÒ»ÖÖ¿Í»§»ú/·þÎñÆ÷ЭÒé¡£RADIUS ¿Í»§»úÊÇÍøÂç·ÃÎÊ·þÎñÆ÷£¬Ëüͨ³£ÊÇÒ»¸ö·ÓÉÆ÷¡¢½»»»»ú»òÎÞÏß·ÃÎʵ㣨·ÃÎʵãÊÇÍøÂçÉÏרÃÅÅäÖõĽڵ㣻WAP ÊÇÎÞÏß°æ±¾£©¡£RADIUS ·þÎñÆ÷ͨ³£ÊÇÔÚ UNIX »ò Windows 2000 ·þÎñÆ÷ÉÏÔËÐеÄÒ»¸ö¼à»¤³ÌÐò¡£
RADIUS ºÍ AAA
Èç¹û NAS ÊÕµ½Óû§Á¬½ÓÇëÇó£¬Ëü»á½«ËüÃÇ´«µÝµ½Ö¸¶¨µÄ RADIUS ·þÎñÆ÷£¬ºóÕ߶ÔÓû§½øÐÐÑéÖ¤£¬²¢½«Óû§µÄÅäÖÃÐÅÏ¢·µ»Ø¸ø NAS¡£È»ºó£¬NAS ½ÓÊÜ»ò¾Ü¾øÁ¬½ÓÇëÇó¡£
¹¦ÄÜÍêÕûµÄ RADIUS ·þÎñÆ÷¿ÉÒÔÖ§³ÖºÜ¶à²»Í¬µÄÓû§ÑéÖ¤»úÖÆ£¬³ýÁË LDAP ÒÔÍ⣬»¹°üÀ¨£º
PAP£¨Password Authentication Protocol£¬ÃÜÂëÑé֤ЭÒ飬Óë PPP Ò»ÆðʹÓã¬ÔÚ´Ë»úÖÆÏ£¬ÃÜÂëÒÔÃ÷ÎÄÐÎʽ±»·¢Ë͵½¿Í»§»ú½øÐбȽϣ©£»
CHAP£¨Challenge Handshake Authentication Protocol£¬ÌôÕ½ÎÕÊÖÑé֤ЭÒ飬±È PAP ¸ü°²È«£¬ËüͬʱʹÓÃÓû§ÃûºÍÃÜÂ룩£»
±¾µØ UNIX/Linux ϵͳÃÜÂëÊý¾Ý¿â£¨/etc/passwd£©£»
ÆäËû±¾µØÊý¾Ý¿â¡£
ÔÚ RADIUS ÖУ¬ÑéÖ¤ºÍÊÚȨÊÇ×éºÏÔÚÒ»ÆðµÄ¡£Èç¹û·¢ÏÖÁËÓû§Ãû£¬²¢ÇÒÃÜÂëÕýÈ·£¬ÄÇô RADIUS ·þÎñÆ÷½«·µ»ØÒ»¸ö Access-Accept ÏìÓ¦£¬ÆäÖаüÀ¨Ò»Ð©²ÎÊý£¨ÊôÐÔ-Öµ¶Ô£©£¬ÒÔ±£Ö¤¶Ô¸ÃÓû§µÄ·ÃÎÊ¡£ÕâЩ²ÎÊýÊÇÔÚ RADIUS ÖÐ