DHCP and UAP ?

I'm looking for an opensource DHCP server which supports
the user authentication protocol described in RFC 2485:

>> User Authentication Protocol Option
>>
>> This option specifies a list of URLs, each pointing to a user
>> authentication service that is capable of processing authentication
>> requests encapsulated in the User Authentication Protocol (UAP). UAP
>> servers can accept either HTTP 1.1 or SSLv3 connections. If the list
>> includes a URL that does not contain a port component, the normal
>> default port is assumed (i.e., port 80 for http and port 443 for
>> https). If the list includes a URL that does not contain a path
>> component, the path /uap is assumed.

The manpage for RHEL4's dhcpd.conf includes the following:

>> authenticated clients;
>>
>> If specified, this statement either allows or prevents allocation from
>> this pool to any client that has been authenticated using the DHCP
>> authentication protocol. This is not yet supported.
>>
>> unauthenticated clients;
>>
>> If specified, this statement either allows or prevents allocation from
>> this pool to any client that has not been authenticated using the DHCP
>> authentication protocol. This is not yet supported.

So it looks like there are hooks for this in RedHat's DHCP
server, but nothing useful (yet).

Does anyone know whether RHEL5's dhcpd will support this?
Or whether there are any other DHCP servers that I could
deploy in place of the standard RHEL4 one? Thus far, the
bit of googling I've done hasn't turned up anything useful.

Thanks in advance ...

PS: The more I think about this, though, the more confused
I am about how it would work. If a DHCP server were told to
prevent allocation from an address pool to clients which had
not yet authenticated, how could those clients even connect
to the specified authentication URLs, if they haven't gotten
an IP address yet?

I _must_ be missing something obvious here ...

---------------

Mark Bartelt
Center for Advanced Computing Research
California Institute of Technology
Pasadena, California 91125

626 395 2522
626 584 5917 fax
626 628 3994 e-fax

mark@cacr.caltech.edu

http://www.cacr.caltech.edu/~mark
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: DHCP and UAP ?

Mark Bartelt wrote:

> PS: The more I think about this, though, the more confused
> I am about how it would work. If a DHCP server were told to
> prevent allocation from an address pool to clients which had
> not yet authenticated, how could those clients even connect
> to the specified authentication URLs, if they haven't gotten
> an IP address yet?
>
> I _must_ be missing something obvious here ...

Presumably, you have a pool for unauthenticated clients. At boot, the
client gets an address from this pool, uses it to authenticate, then
requests a new address from the authenticated-clients pool.

--
Glynn Clements
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html