radrelay integration & other issues

Alan DeKok aland at nitros9.org
Wed Jul 5 23:23:04 CEST 2006


  I've been looking into the issues surrounding adding radrelay to the
server.  While it's made some things better, it's made other things
worse.

  In the future, I'd like to add tacacs+ to RADIUS gatewaying (bug
#254), and radsec.  After working on it for a while, it appears to be
easier and better to do these as separate gateways, rather than
integrating them into the server.

  So... maybe pulling radrelay out of the server isn't a bad idea,
either.  We could take a page from "radzap", and make radrelay into a
tiny program that runs radclient, and sends the data to a server.  It
could even start the server itself, and monitor the server for process
death.  So it could still *look* like one program, even if 3-4 are
running behind the scenes.

  That would be simpler and easier to manage.

  Comments?  Flames?  Other priorities?

  Alan DeKok.



More information about the Freeradius-Devel mailing list