Identity & Policy Control - SBR Carrier & SRC
Identity & Policy Control - SBR Carrier & SRC

SBRC with external password generator

‎10-24-2012 10:06 PM

Hi All,

I plan to develop SBR as AAA for wifi user, and using external password generator. Some question is :

- How can password generator update database in SBR?

- Which is best, sbr send CoA or DM to NAS?

- Should sbr store all user record in database including expired username? what kind of mechanism to revoke any expired one?

 

Thanks.

 

Faizal

3 REPLIES 3
Identity & Policy Control - SBR Carrier & SRC

Re: SBRC with external password generator

‎10-25-2012 06:32 AM

Hi Faizal,

 

These are REALLY good questions, but we need some more information.

 

1. What is the authentication method the users are going to use?  Native users?  LDAP? SQL?

2. Is the password Generator something to generate a user's initial password, and then require changing it?

 

COA messages will allow you to change a users profile on the NAS, DM is only a disconnect message ending the users session.  

 

I'm not sure what you mean by expired user records, can you expand on that?

Identity & Policy Control - SBR Carrier & SRC

Re: SBRC with external password generator

‎10-26-2012 11:52 AM

Hi Jon,

The auth method will use SQL/MySQL. Password is  generate by some system and will send to user also to SBR, so SBR should to keep those password while it will be use for user authentication. It is kind of one time password, let say it will expire after 1 month, so password should be unusable after expiration.

Thanks in advance.

 

Regards,
Faizal

Identity & Policy Control - SBR Carrier & SRC

Re: SBRC with external password generator

‎10-29-2012 04:22 AM

Hi Faizal,

 

Since you wanted to use SQL/MySQL plugin in SBR, SBR does not store any User Passwords in that case.

Whenever SBR receives a Authentication request, SBR will query the SQL DB for Username and Password Validation and authenticates the user based on the results.

In such a case the password expiration and the account deactivation will be managed at the external DB itself.

 

Thanks

Ashish Paul