can you internally proxy a request more than once?

Phil Mayers p.mayers at imperial.ac.uk
Sat Mar 24 12:53:35 CET 2012


On 03/23/2012 04:02 PM, Brian Julin wrote:
> Not sure, but you should consider running non-virtual instances
> (not that hard to do) and using privilage separation such that
> there is little potential for exposure of your internal authentication
> structure or internally-utilized crypto material to an externally
> presented service.

I'm curious about what you mean here. I don't see the difference between 
a single server performing attribute filter & auth, versus two separate 
processes.

Can you explain what threat model you think this addresses?


More information about the Freeradius-Users mailing list