SRC-PE 2.0.x C-Web Interface Configuration Guide > Configuring Accounting and Authentication Plug-Ins with the C-Web Interface
> Configuring Authentication Plug-Ins with the C-Web Interface
Configuring Authentication Plug-Ins with the C-Web Interface
Table 14 describes the authentication plug-ins you can configure with the C-Web interface. Because authentication and authorization are similar, the plug-in user interface does not distinguish between them. However, when you configure plug-ins, you need to set them up to perform the correct behavior, either authentication or authorization.
You can configure multiple authentication plug-ins. The plug-ins are called in an arbitrary order, and each plug-in can return authorization values. (If multiple plug-ins return a session-timeout value, the smallest value is used.) Authentication or authorization succeeds if all plug-in calls succeed.
Table 14: Authentication Plug-Ins
|
|
Basic RADIUS authentication
|
Sends authentication information to an external RADIUS authentication server or a group of redundant servers.
Java class name—net.juniper.smgt.sae.plugin.RadiusAuthPluginEventListener
|
Custom RADIUS authentication
|
Provides customized functions that can also be found in the flexible RADIUS authentication plug-ins. Custom plug-ins are internal plug-ins that are designed to deliver better system performance than the flexible RADIUS plug-ins. You can extend this plug-in by using the RADIUS client library.
Java class name—net.juniper.smgt.sae.plugin.CustomRadiusAuth
|
Flexible RADIUS authentication
|
Performs the same functions as the basic RADIUS authentication plug-in, but also lets you customize RADIUS authentication packets that the SAE sends to RADIUS servers. You can specify which fields are included in RADIUS authentication packets and what information is contained in the fields.
Java class name—net.juniper.smgt.sae.plugin.FlexibleRadiusAuthPluginEventListener
|
LDAP authentication
|
Performs authentication against different directories using different authentication methods. There are two LDAP authentication plug-ins: one authenticates subscribers, and the second authenticates SRC administrators so that they can access the SAE Web Admin application.
Java class name of the subscriber authentication plug-in—net.juniper.smgt.sae.plugin.LdapAuthenticator
Java class name of the administrator authentication plug-in—net.juniper.smgt.sae.plugin.adminLdap
|
Limiting subscribers
|
Limits the number of authenticated subscribers who connect to an IP interface on the router.
Java class name—net.juniper.smgt.sae.plugin.LimitNumSubscriberPerIntfAuthPluginListener
|