Authentication - RADIUS, TACACS+
SnapGear has extended the SecureEdge VPN Firewall, a platform for OEMs to rapidly produce powerful and secure internet appliances, with the addition of RADIUS and TACACS+.
All of the ColdFire Family and x86 variants of the SecureEdge, running the popular uClinux operating system, now support the RADIUS and TACACS+ protocols. These are the two most widely used protocols, particularly among ISPs, for providing centralized AAA (authentication, authorization, and accounting). Adding this support involved creating two plugins for pppd, so anything built on pppd, such as SnapGear's PoPToP PPTP server and PPP dial-in, can use RADIUS and TACACS+. Code size increases were minimal:
| (all sizes in Kb) | ColdFire | x86 |
|---|---|---|
| base pppd | 146204 | 134040 |
| with TACACS+ | 156880 (+10676) | 145332 (+11292) |
| with RADIUS | 155616 (+9408) | 142588 (+8548) |
| with both | 165232 (+19028) | 153656 (+19616) |
The SecureEdge VPN Firewalls are available in a range of models that include multiple 10/100 Ethernet ports, serial ports, built-in modems, ADSL, ISDN, and other broadband connectivity. SnapGear has increasingly been asked for wireless support for 802.11b, Bluetooth and other protocols. This wide range of connectivity options, coupled with a hardened firewall and industry-standard VPN technology, makes the platform extremely versatile. OEM partners have deployed the units as combinations of access servers, intelligent content filters, conventional routers, corporate edge security solutions, branch office relays, and even as music players! Adding authentication, authorization and accounting was a logical extension: many customers are ultimately ISPs, and their end-users are looking for products that do a little more than just route packets and find the integration options attractive.
AAA - authentication, authorization, and accounting - is the backbone of modern Internet infrastructure for dial-in access servers, billing, and other ISP functions. Authentication determines who is accessing a resource. This leads to an authorization phase that determines what the authenticated user may access and, for a dial-in user, usually provisions an IP address. Finally, the accounting function logs the user's actions so that billing can take place (e.g. for connect time).
TACACS, an acronym for "Terminal Access Controller Access Control System", has been in use for many years and was extended in 1990 to become XTACACS (both are described in RFC 1492). TACACS+ is a completely new protocol designed to address the shortcomings of the earlier incarnations and is not backward compatible with them. TACACS+ operates over TCP, and because it separates the authentication and authorization phases it allows more flexible combinations of AAA methods.
RADIUS, the other leading protocol, has much functionality in common with TACACS+, although it operates over the simpler, connectionless UDP rather than TCP. The choice between the two will depend largely on the incumbent network equipment and environment.
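As an added illustration of the RADIUS side of this (this is not SnapGear's pppd plugin code), the following builds the Access-Request a client such as a pppd plugin sends over UDP, hides the User-Password with the shared secret as RFC 2865 specifies, and verifies the Response Authenticator on the server's reply so that a forged or tampered Access-Accept is rejected. The user name, password, secret and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2
ATTR_USER_NAME, ATTR_USER_PASSWORD = 1, 2


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type (1 byte), Length (1 byte, includes header), Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks, XOR each block with MD5(secret + previous block).
    The first block is keyed by the Request Authenticator."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out, prev = out + block, block
    return out


def build_access_request(ident: int, user: bytes, password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Request-Authenticator(16) Attributes; req_auth must be 16 random bytes."""
    attrs = encode_attr(ATTR_USER_NAME, user) + encode_attr(ATTR_USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs


def response_authenticator(code: int, ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """RFC 2865 section 3: MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + req_auth + attrs + secret).digest()


def build_access_accept(ident: int, attrs: bytes, req_auth: bytes, secret: bytes) -> bytes:
    """What a server holding the same secret sends back for the request identified by (ident, req_auth)."""
    auth = response_authenticator(ACCESS_ACCEPT, ident, attrs, req_auth, secret)
    return struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs)) + auth + attrs


def verify_response(packet: bytes, req_auth: bytes, secret: bytes) -> bool:
    """Client-side check: the reply is well-formed, bound to our Request Authenticator and keyed by our secret."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = response_authenticator(code, ident, packet[20:], req_auth, secret)
    return hmac.compare_digest(expected, packet[4:20])
```

The Response Authenticator binds a reply to one outstanding request, so a client must keep the Request Authenticator it sent until the matching reply arrives; with UDP there is no connection to do that for it.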