Auth_Container_RADIUS

Auth_Container_RADIUS -- Authenticate against a RADIUS server

RADIUS Container

You need Auth_RADIUS and the PECL radius in order to get this container to work.

The storage-specific argument for the Auth constructor() is an array of options.

Table 28-1. Available Options

OptionData TypeDefault valueDescription
"servers" array array("localhost", 0, "testing123", 3, 3)

Array of RADIUS servers, containing: host, port, shared secret, timeout, maxtries.

The host parameter specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address in text form.

The port parameter specifies the UDP port to contact on the server. If port is given as 0, the library looks up the radius/udp entry in the network services database, and uses the port found there. If no entry is found, the library uses the standard RADIUS port for authentication (1812).

The shared secret for the server host is passed to the secret parameter. The RADIUS protocol ignores all but the leading 128 bytes of the shared secret.

The timeout for receiving replies from the server is passed to the timeout parameter, in units of seconds.

The maximum number of repeated requests to make before giving up is passed into the maxtries parameter.

At most 10 servers may be specified. When multiple servers are given, they are tried in round-robin fashion until a valid response is received, or until each server's maxtries limit has been reached.

"authtype" string "PAP"

The authentication method for validating the request. Possible values are: PAP, CHAP_MD5, MSCHAPv1, MSCHAPv2.

There are dependencies for the different methods. For all authentication methods except PAP you need the Crypt_CHAP package, when you are using MS-CHAP you need also the mhash extension.