Code review - alternative autz scheme for control sockets

Alan DeKok aland at deployingradius.com
Mon Jan 26 20:42:22 CET 2015


On Jan 26, 2015, at 2:23 PM, A.L.M.Buxey at lboro.ac.uk wrote:
> 
> just wondering why control-socket cant have a network port with eg TLS/auth'd access
> so you can do what it does remotely rather than locally?  :-)

  Because OpenSSL is crap.

  One of the things Arran and I are working on is an IO abstraction layer.  Right now it’s fairly hard to glue SSL into the control socket.  With an IO layer, it will be trivial.

> would need a dedicated 'client; to interact with it..unless it was a 'virtual machine'
> that you could actually 'ssh into'

  You could use “telnet” and “ssltunnel”.

  Alan DeKok.



More information about the Freeradius-Devel mailing list