On May 11, 2020, at 8:26 AM, Alan DeKok <aland@deployingradius.com> wrote:
On May 11, 2020, at 8:38 AM, Oleg Pekar <oleg.pekar.2017@gmail.com> wrote:
Dear FreeRADIUS developers, I'm evaluating of implementation of the following features in my local copy of FreeRADIUS for the PoC that I'm building locally:
Which version is this for?
We're trying to do major new features only in v4. However, that's taking longer than expected. So we're OK with minor code changes to v3. But that work cannot involve major code changes. We just don't have the bandwidth to support multiple releases.
That's perfectly clear. What is the current schedule for releasing v4? Are you also planning releasing some beta-version on feature complete milestone before the official release? If I take v4 today as a base for my PoC - what is the current stability level of v4?
* Support of unloading RADIUS/EAP/TLS state to external DB (e.g. Redis) at the end of every RADIUS request processing and locating and loading the state back from the external DB to the application when the next request RADIUS of the same RADIUS session comes. This would be extremely helpful for building scalable clusters of stateless FreeRADIUS servers (I need it for my PoC)
IIRC, that's already supported in v4. I'll check with Arran, as he added that feature.
It's unclear, he may be talking about spreading TLS based EAP methods across multiple FreeRADIUS instances instead of doing session resumption.
If it's session resumption that's already supported in v4.
* Support of external generic CA and CTL for certificate based user authentications
I'm not sure what that means. "generic CAs" ?
Yeah no idea either.
I meant generic ability to work with external CA server that provides Certificate Trusted List services instead of working with the local certificate storage. I don't have any specific API in mind, just need to think about such functionality.
* Support of configurable debug and audit log to external loggers
We have a plan for that in v4. But even there, it involves some fairly serious changes, even if they are largely of the form "change A to B".
See rlm_logtee in v4. It's already there.
-Arran
Few more questions: * Is RadSec over TLS working in v4? My colleague has it working in v3, but not in v4. TCP on the other hand is working fine in v4. * Is it possible to have dynamic authorization messages and responses go over the same RadSec tunnel used for authentication and accounting? In v3? In v4? * Does v4 has backward compatibility for configuration? If we start with v3 - what will be the effort to move to v4 (not including any code changes we can do)? Thank you, Oleg