Radius, Radsec, Diameter [was: Silly question - secure Radius?]
Josh Howlett
Josh.Howlett at bristol.ac.uk
Thu Jul 14 20:24:22 CEST 2005
On Thu, 14 Jul 2005, Alan DeKok wrote:
> Artur Hecker <hecker at enst.fr> wrote:
> > - server-initiated messaging
> > the strict client-server design of radius (imho amplified by the use of
> > the conn-less UDP) does not allow for server-initiated commands such as
> > "disconnect" or "force re-authorization on profile changes" (very
> > important with PBM)
>
> Huh? See the "disconnect request" packets. Radclient even supports
> this!

I think the point the original poster was making was that Diameter
allows arbitrary conversations between NASes and servers that are
initiated by either party, via "applications", in an extensible manner.

Sure, the original RADIUS spec has been hacked around retrospectively to
provide some server-initiated functionality, but it's never been very
elegant.

josh.
------------------------------------------------------------
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: josh.howlett at bris.ac.uk
------------------------------------------------------------
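
Added example, not part of the original message and not FreeRADIUS code: the "disconnect request" exchange mentioned in the thread, with the server building the packet and the NAS checking its Request Authenticator before acting on it, following RFC 5176 (which replaced RFC 3576). The shared secret, session ID and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

DISCONNECT_REQUEST, DISCONNECT_ACK, DISCONNECT_NAK = 40, 41, 42  # RFC 5176 codes
USER_NAME, ACCT_SESSION_ID = 1, 44                               # attribute types

def decode_attrs(body):
    """Parse type/length/value attributes, rejecting lengths that overrun the packet."""
    attrs, i = {}, 0
    while i < len(body):
        alen = body[i + 1] if i + 1 < len(body) else 0
        if alen < 2 or i + alen > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + alen]
        i += alen
    return attrs

def build_disconnect_request(ident, attrs, secret):
    """Server side: authenticator = MD5(code, id, length, 16 zero octets, attrs, secret)."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", DISCONNECT_REQUEST, ident, 20 + len(body))
    return header + hashlib.md5(header + bytes(16) + body + secret).digest() + body

def nas_handle(packet, secret, sessions):
    """NAS side: return the reply code, or None when the packet must be dropped."""
    if len(packet) < 20:
        return None
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != DISCONNECT_REQUEST or not 20 <= length <= len(packet):
        return None
    packet = packet[:length]             # octets past the Length field are padding
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        return None                      # wrong secret or modified in transit
    try:
        session = decode_attrs(packet[20:]).get(ACCT_SESSION_ID)
    except ValueError:
        return None
    if session in sessions:
        sessions.discard(session)        # tear the session down
        return DISCONNECT_ACK
    return DISCONNECT_NAK                # authentic, but no such session

# Constructed sample values, not taken from the thread.
SECRET = b"testing123"
PACKET = build_disconnect_request(
    7, [(USER_NAME, b"alice"), (ACCT_SESSION_ID, b"0000002A")], SECRET)
```

The authenticator covers the attributes and the shared secret but nothing that changes between packets, so a captured Disconnect-Request stays valid for replay unless the NAS adds a check such as the Event-Timestamp attribute.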