| 基于 eduroam 的跨域无线接入解决方案 |
| |
| 作者姓名: | 王丽 曾珊 夏明山 齐法制 陈刚 谢建军 胡笑然 董科军 |
| |
| 作者单位: | 1. 中国科学院高能物理研究所,北京 100049;
2. 中国科学院计算机网络信息中心,北京 100190 |
| |
| 摘 要: | eduroam (education roaming,教育漫游) 满足了授权用户在成员高校和科研机构之间自由、安全的使用无线网络,提高了网络接入效率。eduroam 在无线网络的接入认证时,应用 IEEE 802.1x 协议,采用 RADIUS 协议进行认证。本文分析了 eduroam 架构和认证过程,在高能所网络环境中部署实践了 eduroam 认证环境,验证了账号认证和签发证书认证的可行性,并提出在认证过程中对 LDAP 明文密码的 NT hash 加密存储方法。分析证明,该方法简化了 eduroam 部署,提高了认证效率和安全性。
|
| 关 键 词: | eduroam RADIUS 协议 LDAP |
| 收稿时间: | 2016-01-10 |
A World-Wide Wireless Access Solution Based on eduroam |
| |
| Authors: | Wang Li Zeng Shan Xia Mingshan Qi Fazhi Chen Gang Xie Jianjun Hu Xiaoran Dong Kejun |
| |
| Affiliation: | 1. Institute of High Energy Physics, Chinese Academy of Sciences, Beijing 100049, China;
2. Computer Network Information Center, Chinese Academy of Sciences, Beijing 100190, China |
| |
| Abstract: | eduroam (education roaming,) is a secure, world-wide roaming wireless access service developed for international research and education community. Its purpose is to set up a wireless LAN roaming infrastructure for the authorized users to facilitate the wireless access freely and securely among the member institutions. eduroam uses IEEE 802.1x protocol and RADIUS protocol for wireless network access authentication. In this paper, the eduroam architecture and authentication processes are analyzed;eduroam has been deployed in IHEP network environment, and the practice verifies the practicability of the account authentication and certificate authentication; in addition, NT hash encryption algorithm for LDAP storage of password is proposed for the authentication processes. Analysis shows that the method simplifies the deployment and improves the efficiency of authenticate and security of the system. |
| |
| Keywords: | eduroam RADIUS protocol LDAP |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
|
