First steps towards RadSec support

Alan DeKok aland at deployingradius.com
Fri Sep 18 14:09:29 CEST 2009


Arran Cudbard-Bell wrote:
> Wasn't one of the points in the RFC that TCP is mature and implemented properly in most modern operating systems...

  The "RADIUS over TCP" document is really just an into to RadSec, which
is RADIUS over SSL over TCP.

  Using RADIUS over TCP all by itself is really not a good idea.  For
NAS to server communication, there isn't enough traffic to keep TCP
happy.  For inter-server proxying, it has no more security and privacy
than normal RADIUS.

  Alan DeKok.



More information about the Freeradius-Users mailing list