Matej Kocmur (2012) Comparison of authentication methods and tools. EngD thesis.
Abstract
We began this thesis with a review of many different authentication protocols, followed by a more detailed description of the three most important ones (RADIUS, LDAP and Kerberos); cryptographic methods, hash functions and PKI infrastructure are also described. We concluded the theoretical part of the thesis with the security aspects of the RADIUS and LDAP protocols and the vulnerability of the Kerberos protocol, for which we obtained relevant quotations and commented on them. The next part gives an overview of the selected authentication servers, followed by a comparison of the authentication methods. Finding the differences between them was also a goal of this thesis. We used the FreeRADIUS, OpenLDAP and FreeIPA servers, which we installed on a virtual server and configured properly. Within the FreeRADIUS server we enabled RADIUS authentication against a file, a MySQL database and an LDAP directory service. We also enabled RADIUS authentication for Linux users by means of a suitable PAM module. Later we also enabled accounting and obtained the times of successful authentications within the FreeRADIUS server. Using the OpenLDAP server, we enabled LDAP authentication for Linux users, again with a suitable PAM module. We used the last server, FreeIPA, to set up Kerberos authentication, in which a given user can log in to the system with authentication carried out by the Kerberos protocol. Finally, we developed a web application and showed that it can be accessed using RADIUS and LDAP authentication. We therefore concluded that, besides logging in to the system, it is also possible to log in to a web application using the RADIUS and LDAP protocols.