can you internally proxy a request more than once?
Phil Mayers
p.mayers at imperial.ac.uk
Sat Mar 24 12:53:35 CET 2012
On 03/23/2012 04:02 PM, Brian Julin wrote:
> Not sure, but you should consider running non-virtual instances
> (not that hard to do) and using privilage separation such that
> there is little potential for exposure of your internal authentication
> structure or internally-utilized crypto material to an externally
> presented service.
I'm curious about what you mean here. I don't see the difference between
a single server performing attribute filter & auth, versus two separate
processes.
Can you explain what threat model you think this addresses?
More information about the Freeradius-Users
mailing list