Design question - proxying RADIUS auth request to a backend webservice

Alan DeKok aland at
Sun Feb 17 23:23:03 CET 2013

Walter Goulet wrote:
> I'm looking for some input from the experts to help validate a solution
> approach that I've come up with. The problem I'm trying to solve is that
> allow NAS equipment and other RADIUS clients to authenticate users
> against a proprietary authentication service that uses REST APIs over HTTP.

  That works... provided that the backend is fast.

> The solution that I've put together is to use rlm_perl which allows me
> to use standard Perl modules to interact with the authentication
> service. I'm pretty happy with the results so far in that I am able to
> build exactly what I need and authentication against the webservice
> works just fine.

  That's the real test: it works.

> The question to the list, are there other solution approaches that might
> be better? Any significant disadvantages to using rlm_perl as I've
> described? Would it be better to write a custom module instead, hoping
> that by doing so there may be some performance improvements?

  In git "master" there's an rlm_rest module.  That *might* be higher

  But if it works, don't touch it until there are issues.

  Alan DeKok.

More information about the Freeradius-Users mailing list