Radius, Radsec, Diameter [was: Silly question - secure Radius?]

Alan DeKok aland at ox.org
Mon Jul 11 18:44:18 CEST 2005


Artur Hecker <hecker at enst.fr> wrote:
> you might be right. yet i think that we might ignore some opportunities 
> which would be possible/supported by diameter.

  Like... what?

> i really believe that current usage produces demand in the same
> manner as demand influences the usage. using additional web-based
> "touches" to trigger server solicitations by the client is indeed
> quite ridiculous.

  I'm not sure what you're referring to here.

> the main problem with radius is IMHO its client-server nature. it 
> inherently lacks control. also TCP in dimaeter and defined TLS in proxy 
> mode might be advantageous.

  It shouldn't be too hard to write a radsec implementation.  Ideally,
it could leverage the TLS code in rlm_eap.

  Alan DeKok.



More information about the Freeradius-Users mailing list