Re: RADIUS shared secret over internet
Hi,
RADSEC
These days, the more proper answer is: RFC6614 http://tools.ietf.org/html/rfc6614 :-) Stefan -- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg Tel: +352 424409 1 Fax: +352 422473
Interesting method by using TLS. This is what i had in mind but couldn't find the answer. The only method i see is through proxying the requests, based on a whitepaper i read - if this is what RFC6614 may contain. What are the roadmap for this? Are there any initial work being done or proof-of-concept work on this? By looking at implementations of TLS (in combination of openssl/gnutls) on other protocols might be similar to this but i may be wrong (i have yet to read on the RFC) as it's another layer taking place. Thanks for the hint. I'll read up on the RFC. Cheers, Muhammad Nuzaihan Bin Kamal Luddin On Tue, 2013-04-09 at 10:13 +0200, Stefan Winter wrote:
Hi,
RADSEC
These days, the more proper answer is: RFC6614
http://tools.ietf.org/html/rfc6614
:-)
Stefan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
As I remmember, Alan mentioned that RADSEC will be implemented in freeRadius 3... On 9.4.2013 10:54, Muhammad Nuzaihan bin Kamal Luddin wrote:
Interesting method by using TLS. This is what i had in mind but couldn't find the answer.
The only method i see is through proxying the requests, based on a whitepaper i read - if this is what RFC6614 may contain.
What are the roadmap for this? Are there any initial work being done or proof-of-concept work on this? By looking at implementations of TLS (in combination of openssl/gnutls) on other protocols might be similar to this but i may be wrong (i have yet to read on the RFC) as it's another layer taking place.
Thanks for the hint. I'll read up on the RFC.
Cheers, Muhammad Nuzaihan Bin Kamal Luddin
On Tue, 2013-04-09 at 10:13 +0200, Stefan Winter wrote:
Hi,
RADSEC These days, the more proper answer is: RFC6614
http://tools.ietf.org/html/rfc6614
:-)
Stefan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
As I remmember, Alan mentioned that RADSEC will be implemented in freeRadius 3...
correct. you can try/test/run FR3 today from GIT.... but if you want to keep with FR2.x in the meantime you can always have a local proxy eg RadSecProxy which works fine with FR2.x (and each end can do status-server too) alan
Muhammad Nuzaihan wrote:
What are the roadmap for this? Are there any initial work being done or proof-of-concept work on this? By looking at implementations of TLS (in combination of openssl/gnutls) on other protocols might be similar to this but i may be wrong (i have yet to read on the RFC) as it's another layer taking place.
I've been piloting FR3's RADSEC between our campus and our eduroam federation for close to a year now. There were some initial bugs but it's been stable since those were dealt with. Just be sure to turn off max_requests_per_server by setting it to zero. Sometime soon EDUROAM-US is moving to a redundant setup so we'll be able to test any interactions with home server pooling.
participants (6)
-
A.L.M.Buxey@lboro.ac.uk -
Alan Buxey -
Brian Julin -
Marinko Tarlać -
Muhammad Nuzaihan bin Kamal Luddin -
Stefan Winter