The Mac Orchard - HomeHelpFAQALEMIAForumsDrew's Picks

Server Applications


Company Page Home Page Release Notes License:
Commercial; see text.

Current Version: 4.6 (February 5, 2010)

Open System Consultants Pty Ltd produces Radiator, one of two RADIUS implementations for the Mac that I'm aware of. Radiator is written in Perl and runs an just about any OS, including Mac OS 9 and Mac OS X.

Version 4.6 makes the following changes:

  • Improved AuthLog SYSLOG to support multiple SYSLOG clauses with different LogHost and LogSock options. No comnpatible with multiple Log SYSLOG clauses. Reported by "Martin van der Walle".
  • Improvements to example init script for Linux in linux-radiator.init, to be compliant with LSB requirements in
  • AuthBy LDAP2 now detects LDAP_INVALID_DN_SYNTAX errors and interprets them as a per-request error and not a connection failure. When LDAP_INVALID_DN_SYNTAX error occurs, the LDAP connection wil not be shut down. Requested by Dawn Lovell.
  • Fixed a problem in Server TACACSPLUS where an AuthorizeGroup of the formAuthorizeGroup group1 permit service=shell cmd\* {autocmd="telnet"} would result in the autocmd being sent incorrectly with 2 equals signs.
  • AuthBy SQLYUBIKEY now supports static passwords in any format supported by Radiator, including plaintext, {SHA}, {crypt}, {MD5}, {rcrypt}, {mysql}, {mssql}, {nthash}, {dechpwd}, {NS-MTA-MD5}, {clear} etc. TranslatePasswordHook is also supported. Suggested by Jerome Fleury.
  • Minor updates to Yubikey documentation to reflect the fact that AES keys must be programmed into each Yubikey before being imported into the SQLYUBIKEY database. Changes to AuthBy SQLYUBIKEY default SQL queries to work better with databases where the tokenID and AES key are in Hex. Yubikey keys may now be present in the database in either hex (no spaces) or base64 format. But the default queries assume the Token ID and AES secret are in Hex, and that there is a one-to-one mapping between users and Yubikeys. Other options are available with custom SQL queries.
  • Fixed a problem in AuthBy SQLYUBIKEY where it would sometimes incorrectly detect a replay attack in during multiple authentication of the same Yubikey session. General improvements to the AuthBy SQLYUBIKEY replay detection. Replay detection now uses the session counter and the session_use counter. The timestamp is not used. The database column that previously held the timestamp_low is used for the session_use counter. The database column that previously held the timestamp_high is not used.
  • Updated install.html installation instructions for Windows.
  • Improvements to AuthBy EAPBALANCE and AuthBy HASHBALANCE to work better in multi-AP roaming TTLS/PEAP session resumption environments. The default behaviour of AuthBy HASHBALANCE is to compute the HASH based on the same attributes as the EAP context. This prevents false detection of loss of continuity in EAP streams. AuthBy EAPBALANCE now sets the State in all replies in an EAP stream, not just the first, in order to work correctly with some non-compliant APs. AuthBy HASHBALANCE is deprecated in favour of AuthBy EAPBALANCE in any EAP-capable environment.
  • In Server DIAMETER, fixed a problem that prevented some RADIUS reply attributes being correctly translated into Diameter reply attributes.
  • Added new module AuthBy SQLMOTP for MOTP authentication, a new strong, two-factor authentication with mobile phones. See for details.
  • In diapwtst, fixed a problem that would result in an incorrect status report: "Unexpected result code: DIAMETER_SUCCESS".
  • Improvements to the internal structure of, making it easier to override handling of specific Diameter request types.
  • Fixed a problem with AuthBy VOLUMEBALANCE, where if multiple failed hosts are configured with FailureBackoffTime of 0, it was possible for a request to be handed to each host in turn forever.
  • Added new sample configuration file goodies/crypto-mas.cfg, showing how to proxy requests to the Cryptocard MAS (Managed Authentication Service) CRYPTO-MAS. See
  • Added new parameter MaxTargetHosts to AuthBy VOLUMEBALANCE. Limits the number of different hosts a request will be proxied to in the case of no reply. Defaults to 0 which mean no limit: if the load balancer does not receive a reply from a host, it will keep trying until all hosts are exhausted.
  • Improvements tp RPM spec file to permit installation with Perls that do not include /usr/lib/perl5/site_perl/, such as SLES. Reported by Frank Messie.
  • Improvements to the rpm: make target so the RPM build correctly uses the local perl version number for links in the Perl lib. Contributed by Bjoern.
  • Updated expired test certificates.
  • Fixed a problem with incorrect type in replies to proxied Change-Filter-Request. Reported by Belmont Cheung.
  • Added support for UpdateQuery in SessionDatabase SQL. Patch supplied by Jose Borges Ferreira.
  • Added support for RFC 4818 compliant packing and unpacking of Delegated-IPv6-Prefix. Added new dictionary type ipv6prefix.
  • The TacacsPlus group cache GroupCacheFile now uses the IP address of the client as part of the key, so that in situations where the group name depends on the client the correct group name wil be retrieved.
  • Some Expiration check items in the sample users file had actually expired, causing the test suite to incorrectly fail on tests 2l, 2m, 3g and 3h.
  • Fixed a problem that could cause incorrect authentication of HOTP passwords with leading zeroes.
  • Added support for TOTP (Time-based one-time-passwords) as specified in draft-mraihi-totp-timebased-04.txt. Sample configuration and database schema included.

The software is available for online purchase for $840 - $7,140.

User Reviews

Currently, no user reviews have been submitted. Send me yours!

Also See . . .

Can't find what you're looking for? Try a search:

Also, if you have an older Mac, be sure to check out the "Classic" applications page for more options.

Finally, take a look at ALEMIA if you think you know that name of an application, but aren't quite sure.

Built Into Mac OS X

Mac OS X has a huge amount of TCP/IP-based server software built into it that I don't specifically cover here. Your "Sharing" Preference Pane allows you to enable and disable these services with a click of the mouse. The software running behind the scenes to provide many of these services is generally of the open source variety. The standard release of Mac OS X includes, among many others:

  • Apache httpd (web server; enabled via the Sharing Preference Pane).
  • Postfix (mail server; see Mac OS X Hints for more information).
  • tnftpd (FTP server; enabled via the Sharing Preference Pane).
  • OpenSSH (Secure Shell server; enabled via the Sharing Preference Pane via "Remote Login" but additionally configurable via selected applications listed on this page).
  • BIND (Domain Name System server; see Mac OS X Hints for more information).
  • Samba (Windows file sharing; enabled via the Sharing Preference Pane).
  • XFree86 (X Window server; enabled via the "X11" application in your "Utilities" folder, if you elected to install it with Mac OS X).

Of course, Mac OS X Server includes many more, in addition to offering more recent versions of many of the above servers.

Related Links

Graham Orndorff has written a superb collection of articles on setting up email servers and secure email clients on Mac OS X.

Also Consider . . .

These are applications that are newer and of potential interest, but which I haven't yet selected for permanent inclusion. Have a look, and let me know if you think they deserve to be part of the permanent collection!