This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
PhilToepp
Beginner
Beginner
‎2019-08-30 10:28 AM

RADIUS Version

Jump to solution

We are using Authentication Manager 8.2.0.3.0.  Does this use RADIUS version 1.0 or 2.0?  Also, does it use MSCHAPv2 or PAP for its protocol?

0 Likes
Reply
1 Solution

Accepted Solutions
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2019-09-03 12:56 PM

Jump to solution

Phil Toepp‌,

 

To get the RADIUS version look at the RADIUS date.log.  Today's log will be named 20190903.log.  At the top will be the version information.  For Authentication Manager 8.2, for instance, the version information would be:

rsaadmin@am82p:/opt/rsa/am/radius> cat 20190903.log
09/03/2019 11:35:17 Version: v6.23.2

 

As for your CHAP question:  CHAP uses a three-way handshake. This is done upon initial link establishment, and MAY be repeated anytime after the link has been established. After the Link Establishment phase is complete, the authenticator sends a challenge message to the peer. The peer responds with a value calculated using a one-way hash function. The authenticator checks the response against its own calculation of the expected hash value.  If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated. This handshake is essentially closed off from outside protocols such as our RADIUS server trying to feed the New Pin Mode or Next PRN Mode strings.

 

CHAP is not a supported protocol with the RSA RADIUS Implementation.  It is possible for a vendor to encode their CHAP implementation to permit our prompt strings but this is not an RSA issue.


PAP provides an open exchange of prompts between the server and client that permit New Pin Mode and Next PRN mode to work. PAP is supported by RSA RADIUS implementation.  We work with PAP, EAP, PEAP, EAP-POTP, EAP-TTLS.

 

Regards,

Erica

View solution in original post

Reply
1 Reply
_EricaChalfin
Employee (Retired) Employee (Retired)
Employee (Retired)
‎2019-09-03 12:56 PM

Jump to solution

Phil Toepp‌,

 

To get the RADIUS version look at the RADIUS date.log.  Today's log will be named 20190903.log.  At the top will be the version information.  For Authentication Manager 8.2, for instance, the version information would be:

rsaadmin@am82p:/opt/rsa/am/radius> cat 20190903.log
09/03/2019 11:35:17 Version: v6.23.2

 

As for your CHAP question:  CHAP uses a three-way handshake. This is done upon initial link establishment, and MAY be repeated anytime after the link has been established. After the Link Establishment phase is complete, the authenticator sends a challenge message to the peer. The peer responds with a value calculated using a one-way hash function. The authenticator checks the response against its own calculation of the expected hash value.  If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated. This handshake is essentially closed off from outside protocols such as our RADIUS server trying to feed the New Pin Mode or Next PRN Mode strings.

 

CHAP is not a supported protocol with the RSA RADIUS Implementation.  It is possible for a vendor to encode their CHAP implementation to permit our prompt strings but this is not an RSA issue.


PAP provides an open exchange of prompts between the server and client that permit New Pin Mode and Next PRN mode to work. PAP is supported by RSA RADIUS implementation.  We work with PAP, EAP, PEAP, EAP-POTP, EAP-TTLS.

 

Regards,

Erica

Reply
© 2023 RSA Security LLC or its affiliates. All rights reserved.