README
¶
radau - Radius authentication backend
Radius Authentication REST backend microservice used to manage users and credentials for authentication in a WPA Enterprise setup. The credentials are ready to be passed to a radius server, e.g. the FreeRadius rest module.
Important: Passwords can not be hashed in the database to allow comparison to various authentication methods supported in different clients.
The implementation therefore adheres to these principles:
- Passwords are always generated
- The user's password is only returned on creation
- Passwords can be reset or revoked
Additional features
The API allows for additional attributes to be associated to the user which will be passed to the radius server on authentication
Usage
Requirements
- A PostgreSQL database
Docker
docker network create wifi_db
docker run -d --name wifilogin_db --network wifi_db \
-e POSTGRES_USER=wifi -e POSTGRES_PASSWORD=wifi -e POSTGRES_DB=wifi \
postgres
docker run -d --name wifilogin \
-e API_KEY_MANAGEMENT= -e API_KEY_RADIUS= \
-e DB_HOST=wifilogin_db -e DB_USER=wifi -e DB_PASSWORD=wifi -e DB_DATABASE=wifi \
-p 8080:8080 --network wifi_db \
factorycampus/radau
Available Environment Variables
API_KEY_MANAGEMENT- API Key used for user management (/userand/token)API_KEY_RADIUS- API Key used by radius server (/radius)DB_HOST- Host of the database serverDB_USER- User for database accessDB_PASSWORD- Password for database accessDB_DATABASE- Database to usePORT- Port to serve the API onTOKEN_LENGTH- Length of the generated token, defaults to 32
In Production
Consider these tips:
- Because credentials will be in plaintext, put this service behind a SSL-enabled reverse-proxy and access via HTTPS from Radius
Development
Use the docker-compose.yml in the repo root for development with livereload
Documentation
¶
There is no documentation for this package.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.