Design question - proxying RADIUS auth request to a backend webservice

[Walter Goulet]

Hi,

I'm looking for some input from the experts to help validate a solution
approach that I've come up with. The problem I'm trying to solve is that
allow NAS equipment and other RADIUS clients to authenticate users against
a proprietary authentication service that uses REST APIs over HTTP.

The solution that I've put together is to use rlm_perl which allows me to
use standard Perl modules to interact with the authentication service. I'm
pretty happy with the results so far in that I am able to build exactly
what I need and authentication against the webservice works just fine.

The question to the list, are there other solution approaches that might be
better? Any significant disadvantages to using rlm_perl as I've described?
Would it be better to write a custom module instead, hoping that by doing
so there may be some performance improvements?

Any input is greatly appreciated.

Walter Goulet
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130217/f6fe0731/attachment.html>