| Brian Waters | 13d9601 | 2017-12-08 16:53:31 -0600 | [diff] [blame^] | 1 | DiamEAP (http://diameap.yagami.freediameter.net/) |
| 2 | |
| 3 | Copyright (c) 2009-2010 Souheil Ben Ayed, Teraoka Laboratory of Keio University, and the WIDE Project. |
| 4 | |
| 5 | Author: Souheil Ben Ayed <souheil@tera.ics.keio.ac.jp> |
| 6 | |
| 7 | |
| 8 | |
| 9 | ----- SUMMARY ----- |
| 10 | |
| 11 | DiamEAP is an implementation of the Diameter Extensible Authentication Protocol (EAP) Application (RFC 4072). |
| 12 | The Diameter protocol is a AAA protocol to securely carry Authentication, Authorization and Accounting informations between the AAA client and the AAA server. |
| 13 | Diameter EAP Application is a Diameter application that supports authentication using Extensible Authentication Protocol (RFC 3748). |
| 14 | |
| 15 | DiamEAP is designed to be extensible so that any new EAP method can be implemented separately as a shared library called 'EAP method plug-in'. |
| 16 | Currently, DiamEAP comprises two EAP Methods plug-ins: |
| 17 | - EAP MD5 plug-in : implementation of EAP-MD5 authentication method. |
| 18 | - EAP TLS plug-in : implementation of EAP-TLS authentication method . |
| 19 | |
| 20 | Other EAP methods are scheduled to be added in future releases. |
| 21 | |
| 22 | DiamEAP is an extension for freeDiameter. Visit http://www.freediameter.net/ for more information on freeDiameter project. |
| 23 | |
| 24 | For more information on DiamEAP project, visit http://diameap.yagami.freediameter.net/ |
| 25 | |
| 26 | |
| 27 | |
| 28 | ----- REQUIREMENTS ----- |
| 29 | |
| 30 | Some packages are required to compile DiamEAP from source. |
| 31 | |
| 32 | If you will install DiamEAP on Debian or Ubuntu system install the following packages: cmake flex bison libgnutls-dev libgcrypt-dev libmysqlclient-dev |
| 33 | |
| 34 | $ sudo apt-get install cmake flex bison libgnutls-dev libgcrypt-dev libmysqlclient-dev |
| 35 | |
| 36 | |
| 37 | |
| 38 | ----- INSTALLATION ----- |
| 39 | |
| 40 | 1- Add DiamEAP extension to freeDiameter. |
| 41 | See freeDiameter documentation (http://www.freediameter.net/) |
| 42 | |
| 43 | 2-Create a new MySQL database and add tables using the sql script 'diameap.sql'. |
| 44 | |
| 45 | 3- Edit the extensions/CMakeList.txt file to add DiamEAP to freeDiameter. |
| 46 | |
| 47 | Add the following lines: |
| 48 | |
| 49 | OPTION(BUILD_APP_DIAMEAP "Build DiamEAP? (Diameter EAP Application - RFC 4072)" OFF) |
| 50 | IF (BUILD_APP_DIAMEAP) |
| 51 | ADD_SUBDIRECTORY(app_diameap) |
| 52 | ENDIF (BUILD_APP_DIAMEAP) |
| 53 | |
| 54 | Note: you can enable DiamEAP to be built with freeDiameter by setting the BUILD_APP_DIAMEAP to ON. If you enable it here you don't need to enable it when building freeDiameter. |
| 55 | |
| 56 | 4- Enable DiamEAP by enabling BUILD_APP_DIAMEAP option with CMake: |
| 57 | |
| 58 | cmake -DBUILD_APP_DIAMEAP:BOOl=ON ../ |
| 59 | |
| 60 | |
| 61 | |
| 62 | ----- CONFIGURATION ----- |
| 63 | |
| 64 | DiamEAP requires a configuration file to start the DiamEAP server. |
| 65 | It is advised to start by a copy of the sample file, and customize the configuration to fit your needs. |
| 66 | A sample configuration file 'diameap.conf.sample' can be find in extensions/app_diameap/ or in doc/ folder of freeDiameter. |
| 67 | The file 'diameap.conf.sample' contains a description of all parameters that can be added to the DiamEAP configuration file. |
| 68 | |
| 69 | *Specify connection parameters to DiamEAP MySQL database: |
| 70 | - username and password to connect to the MySQL Server |
| 71 | - database server : address to MySQL server. |
| 72 | - database name : database for DiamEAP. |
| 73 | |
| 74 | Example: |
| 75 | |
| 76 | DiamEAP_MySQL = "UserName" , "MyPassword" , "localhost" , "drupal_ui"; |
| 77 | |
| 78 | |
| 79 | *Add EAP Method plug-ins to be loaded with DiamEAP server. Note that EAP Identity must be add. |
| 80 | |
| 81 | Example: |
| 82 | |
| 83 | Load_plugin = "EAP MD5":4:0:"extensions/eap_md5.emp":""; |
| 84 | Load_plugin = "EAP TLS":13:0:"extensions/eap_tls.emp":"doc/eap_tls_plugin.app_diameap.conf"; |
| 85 | |
| 86 | |
| 87 | * Enable Authorization with DiamEAP. |
| 88 | |
| 89 | You can enable DiamEAP to check authorization of authenticated users. To enable authorization set authorization to 1. ( by default disabled). |
| 90 | |
| 91 | |
| 92 | * Multiple round trips timeout |
| 93 | |
| 94 | This parameter indicates the maximum number of seconds provides the user to answer to a Diameter-EAP-Request. (by default set to 30 seconds) |
| 95 | |
| 96 | |
| 97 | * Invalid EAP Packets |
| 98 | |
| 99 | This parameter defines the maximum number of invalid EAP packets that can be received before rejecting the connection. (by default set to 5 packets) |
| 100 | |
| 101 | |
| 102 | For more documentation on configuring DiamEAP, visit the documentation page of the project : http://diameap.yagami.freediameter.net/documentation |
| 103 | |
| 104 | |
| 105 | |
| 106 | ----- COPYRIGHT ----- |
| 107 | |
| 108 | See LICENSE file for legal information on this software. |
| 109 | |
| 110 | |
| 111 | |
| 112 | ----- CONTACT ----- |
| 113 | |
| 114 | Author: Souheil Ben Ayed (souheil@tera.ics.keio.ac.jp) |
| 115 | |
| 116 | |
| 117 | Current maintainers: |
| 118 | -Souheil Ben Ayed (Teraoka Laboratory of Keio University) |
| 119 | souheil@tera.ics.keio.ac.jp |