Radius, Radsec, Diameter [was: Silly question - secure Radius?]
Alan DeKok
aland at ox.org
Mon Jul 11 18:44:18 CEST 2005
Artur Hecker <hecker at enst.fr> wrote:
> you might be right. yet i think that we might ignore some opportunities
> which would be possible/supported by diameter.
Like... what?
> i really believe that current usage produces demand in the same
> manner as demand influences the usage. using additional web-based
> "touches" to trigger server solicitations by the client is indeed
> quite ridiculous.
I'm not sure what you're referring to here.
> the main problem with radius is IMHO its client-server nature. it
> inherently lacks control. also TCP in dimaeter and defined TLS in proxy
> mode might be advantageous.
It shouldn't be too hard to write a radsec implementation. Ideally,
it could leverage the TLS code in rlm_eap.
Alan DeKok.
More information about the Freeradius-Users
mailing list