documentation and project organization (Was: Using LDAP with EAP-TLS)
John Dennis
jdennis at redhat.com
Mon May 16 17:20:37 CEST 2011
On 05/16/2011 10:13 AM, Alexandros Gougousoudis wrote:
> Phil, I also understand a lot of things and I can read, but the
> documentation of FR is not ideal. I've googled around, looked examples
> and had more questions than before. Where are all these features
> documented, like the "if then"-things in the conf, all the keywords like
> "ok=return" and so on, what's the difference between Autz-Type and
> Auth-Type? The only thing to get help is here on the list, on the net
> you find a lot infos to FR 1.1 and 2 (one is deployinradius and one the
> FR site) sites containing a little bit information, no much more than
> the conf-files coming with the FR-archive. I'am not complaining, because
> it's an open source project, but you should note that it's sometimes not
> the lack of understanding than the lack of well documented features. And
> if I can't find the infos I need in the docs, I start to try things out.
+1
I have to agree, the lack of comprehensive documentation, including an
overview of concepts and the flow of operations is the greatest
impediment to the success of FreeRADIUS as an open source project. The
power and flexibility of FreeRADIUS is awesome, Alan and the other
developers have done a wonderful job of providing the open source
community with a fantastic piece of critical software. They have
excelled at constant innovation and timely bug fixes. The response on
the mailing is exceptional.
But all these positive attributes are sometimes negated by the
difficulty of understanding the system. Many justifiably feel
configuring FreeRADIUS is a black art. It's often been pointed out that
config files, doc directory and the wiki contains all you need to know.
There is a modicum of truth in that. But the reality is it's very
difficult to locate, extract, interpret and interpolate the missing
pieces to form a functioning mental model in order to accomplish a
specific deployment task.
I've worked with FreeRADIUS for a while now and I'm still confounded
things I don't know, incorrect expectations of behavior (e.g. != does
not work for group testing). There are things which as far as I can tell
are simply not documented. Just last week I had to help someone who was
frustrated by the inability to add attributes to successfully proxied
Auth-Accept's using a users file. By reading the source I found the
postproxy_users_file config, as far as I could tell this is completely
undocumented. When it comes to supporting users "Use the source Luke"
isn't viable.
I'd like to suggest the next most import task item for the team is not
the 3.0 release, it's not any change to the code base. Rather the single
most import task is producing comprehensive documentation collected in a
single location augmented with cookbook examples of how to solve common
deployment problems.
I'll wager the time spent on this list answering questions will greatly
diminish thus providing free time for feature enhancements and bug
fixes. I'm also concerned at the obvious frustration expressed countless
times on this list were folks have spent days, weeks, or in some cases
months beating their heads against the wall in frustration. There will
be a tipping point at some point in the future where that frustration
will doom the project as it gets replaced by an alternative or forked.
I've been in open source long enough to have seen this scenario play out
multiple times.
Just my 2 cents, worth what you paid for it :-) I'll now return you to
your regular scheduled programming :-)
And in case you missed it above, Alan and everyone else have done a
wonderful job and provided a fantastic service to the community. All I'm
suggesting here is the task priorities need to be tweaked a bit.
P.S.:
One thing which has been lacking in the project is public list of the
project team. One might make the assumption Alan is the sole
contributor, if so then that's truly amazing. But I'm going to guess
others are involved. We would like to thank them as well and perhaps
have some more insight into the project's organization. At best all I've
been able to do in intuit based on reading this list and the dev list
over an extended period that some list participants seem to have such an
extensive knowledge it suggests to me they must be on the development
team, either that or just like myself they've spent a lot of time
reading the source code out of necessity. Questions like, what is the
project's timeline, what is upcoming in new releases, what is the
anticipated release schedule, how is the project organized, who are
significant players and what are their roles are information unusually
published by open source projects but have been missing (maybe just
another example of missing documentation?).
--
John Dennis <jdennis at redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeradius-Users
mailing list