RadSec Dynamic Server Discovery

Sebastian Hagedorn Hagedorn at uni-koeln.de
Tue Jan 12 10:59:50 CET 2016


just as information, we explored using the RadSec module of Freeradius 
3.0.10 for Eduroam, but while we got it to work locally after the recent 
fix, the German Eduroam hub insists we use radsecproxy instead. The main 
reason they give is that Freeradius lacks support for Dynamic Server 
Discovery. While that feature isn't yet actively used, it's on the roadmap, 
so that institutions won't have to proxy via central hubs anymore, but can 
discover the right proxy for each realm dynamically via NAPTR/SRV records.
They also claim that it's less secure to expose the RADIUS servers 
directly, but I don't really buy that argument.

We will go forward with radsecproxy for the time being, but if Freeradius 
gains support for Dynamic Server Discovery in the future, we will 
definitely look into that.
    .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160112/37b497d4/attachment.sig>

More information about the Freeradius-Users mailing list