Example Moonshot Policies
Sam Hartman
hartmans at mit.edu
Tue Jul 22 03:56:18 CEST 2014
Hi.
We've been working with Alan to get some changes related to Moonshot
(http://www.project-moonshot.org/ ) into FreeRADIUS.
Thanks to his work, most of our changes are now in the code base.
There's one change not yet integrated related to the support of a trust
router for dynamic realm provisioning.
We're putting together a number of sample policies. In particular:
* Updates to the channel binding virtual server to do correct matching
of ABFAB requests information
* A policy for an ABFAB IDP (home AAA server) to use to verify that
information supplied by the NAS matches what's expected for that NAS
according to a database provisioned by the trust router
* A policy to run on a proxy near the NAS to verify that the NAS is
claiming the correct identity based on client configuration.
None of these policies actually depend on the trust router code that
isn't yet integrated, although most useful configurations where you'd
want to turn on these policies would require that code.
we'd like to supply these sample policies to be included.
For the most part our preference is to give a policy.d file so that it
can be easily updated.
would you prefer that we also contribute commented out code to invoke
this policy at the right places in sites-available?
Should we contribute a sample database module to demonstrate the
database we're using Or would you rather us put that in the trust
router package?
Thanks,
--Sam
More information about the Freeradius-Devel
mailing list