New Features Development Question

Alan Buxey alan.buxey at gmail.com
Sat May 16 12:42:00 CEST 2020


hi,

> It's unclear, he may be talking about spreading TLS based EAP methods across multiple FreeRADIUS instances instead of doing session resumption.

thats how I read it - all servers use a state value stored in a REDIS
(could be others such as memcache) so that the ongoing session is
known as doesnt have to go back to the
same server in a cluster (I've recently done the same with a SAML setup)

> >> * Support of external generic CA and CTL for certificate based user
> >> authentications
> >
> >   I'm not sure what that means.  "generic CAs" ?

well, is this just supporting known CAs - just copy the system cert
chain to the FR CA directory..... but ...wouldn't the server cert have
to be signed by those CAs
as thats the whole point of the CA, mutual trust of client to the
server. I'd like to hear more of this idea to understand.

alan


More information about the Freeradius-Devel mailing list