hi,
It's unclear, he may be talking about spreading TLS based EAP methods across multiple FreeRADIUS instances instead of doing session resumption.
thats how I read it - all servers use a state value stored in a REDIS (could be others such as memcache) so that the ongoing session is known as doesnt have to go back to the same server in a cluster (I've recently done the same with a SAML setup)
* Support of external generic CA and CTL for certificate based user authentications
I'm not sure what that means. "generic CAs" ?
well, is this just supporting known CAs - just copy the system cert chain to the FR CA directory..... but ...wouldn't the server cert have to be signed by those CAs as thats the whole point of the CA, mutual trust of client to the server. I'd like to hear more of this idea to understand. alan