Dartmouth College PKI Lab's Greenpass project has developed a method of delegating access authorization to a restricted network for guests visiting another institution. This process was designed to be similar to a person giving a guest a temporary key to a laboratory for use during their visit.
Access to the private network is assumed to be controlled by 802.1X authentication using EAP-TLS, with authorization determined by a RADIUS server. The Greenpass software permits existing authorized users to delegate access rights to their guests.
These web pages describe how the system is implemented and provide instructions for creating a similar installation.
Principal sponsors include:
This research was also supported in part by NSF (CCR-0209144) and AT&T/Internet2.
The Greenpass access delegation system is implemented with a wireless network, at least one switch that supports VLANs, a router, and two Linux-based servers. The software architecture makes use of a number of standard UNIX services and some open source software components.
Components developed by the Greenpass project implement a delegation server, an introduction cache server, an authorization cache server, and modifications to the FreeRADIUS server's authorization processing. To support other RADIUS implementations where modifications are not feasible, a RADIUS proxy has been developed and will be available soon.
Instructions on setting up a Greenpass system, including hardware needed, software requirements, and environment configuration, can be found on the Building Greenpass page.
Instructions on how to operate a Greenpass system, including "bootstrapping" the system and managing delegations, are detailed on the Running Greenpass page.
Instructions for connecting to a Greenpass-protected wireless network from different operating systems.