--On 12. Januar 2016 um 10:06:42 +0000 A.L.M.Buxey@lboro.ac.uk wrote:
They also claim that it's less secure to expose the RADIUS servers directly, but I don't really buy that argument.
eh? if you just use a national proxy you only need prot 2083 open to those few hosts.
if you use dynamic server discovery you need to open up port 2083 to the whole internet (as you dont know the source addresses of all legitimate RADIUS servers).
I believe their point is that you only expose the proxy, which they recommend to run on different hosts than the actual servers. Anyway, that argument is orthogonal to the one about Dynamic Server Discovery. -- .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:. .:.Regionales Rechenzentrum (RRZK).:. .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.