Installing and configuring security mechanisms: Freeradius-MySQL, Freeradius-LDAP, PAM/USB Modules, LinOTP
Νισκόπουλος, Νικόλαος Α.
This master thesis is a compilation of "how-to" guides for installing and configuring security mechanisms that are of crucial importance given the numerous threats a system administrator has to confront in his daily work.

The first security mechanism installed and configured was FreeRADIUS combined with a MySQL database on the Ubuntu 11.10 operating system. FreeRADIUS was installed on a local network and configured to authenticate users stored in the SQL database via PAP (Password Authentication Protocol) and EAP-TLS (Extensible Authentication Protocol - Transport Layer Security), using certificates created with the free OpenSSL tool.

The second security mechanism was again FreeRADIUS, this time backed by an LDAP database on Ubuntu 11.10. The Lightweight Directory Access Protocol (LDAP) is an open standard for accessing X.500 directory services. The protocol runs over the transport layer (OSI), which on the Internet is TCP/IP. A directory service is a database that organizes records and improves the procedures for accessing and searching them. In this thesis we configure the LDAP database through the phpLDAPadmin web user interface and the JXplorer tool in order to create the groups and users who authenticate to our network through FreeRADIUS.

Furthermore, a PAM/USB module was installed in order to authenticate to the operating system (once again Ubuntu 11.10) with a USB flash drive, without the need for a password. Two-factor authentication was also implemented on the OS by using something we possess (the USB drive) and something we know (a password).

Finally, the LinOTP2 tool was installed and configured in order to authenticate to our operating system via a One-Time Password (OTP). The LinOTP server and an application on our mobile phone that generates the one-time passwords are used to achieve OTP authentication. Additionally, we implement two-factor authentication using a combined password made of something we know and something we generate in real time. The last configuration is a three-factor authentication that uses the previous two factors (password and phone OTP) in addition to the PAM/USB module installed in the third part of this thesis.
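The authentication stacks described above, written out as PAM configuration for the Ubuntu 11.10 setup. This is an added illustration, not configuration taken from the thesis; the pam_usb and pam_unix lines follow those modules' documented usage, while the pam_linotp module name, its url= and realm= options and the hostname linotp.example.local are assumptions that should be checked against the installed LinOTP PAM module.

```text
# /etc/pam.d/common-auth (Ubuntu 11.10) -- added example, not from the thesis.
# PAM evaluates "auth" lines top to bottom: "required" must succeed,
# "sufficient" ends the stack early on success. Only ONE of the four
# sections below is active at a time; they are listed side by side
# for comparison.

## Part 3a: password-less login with the USB flash drive only.
# pam_usb succeeds when the drive registered in /etc/pamusb.conf is
# plugged in; otherwise the stack falls through to the normal password.
auth    sufficient  pam_usb.so
auth    required    pam_unix.so nullok_secure

## Part 3b: two factors -- something we possess (USB) AND something we know.
# Both modules are "required", so login fails unless the drive is
# present and the password is correct.
auth    required    pam_usb.so
auth    required    pam_unix.so nullok_secure

## Part 4a: one-time password from the phone app, validated by LinOTP.
# The user types the OTP PIN followed by the OTP as a single string
# (the "combined password" of something known + something generated).
# Module name, url= and realm= are assumptions; verify against pam_linotp docs.
auth    required    pam_linotp.so url=https://linotp.example.local/validate/simplecheck realm=users

## Part 4b: three factors -- USB drive + password + phone OTP.
auth    required    pam_usb.so
auth    required    pam_unix.so nullok_secure
auth    required    pam_linotp.so url=https://linotp.example.local/validate/simplecheck realm=users
```

With "required" lines PAM keeps running the later modules after an earlier failure, so a user is not told which factor was wrong; use "requisite" on pam_usb instead if an immediate, explicit failure is preferred.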