RadSec Dynamic Server Discovery
Sebastian Hagedorn
Hagedorn at uni-koeln.de
Tue Jan 12 10:59:50 CET 2016
Hi,
just as information, we explored using the RadSec module of Freeradius
3.0.10 for Eduroam, but while we got it to work locally after the recent
fix, the German Eduroam hub insists we use radsecproxy instead. The main
reason they give is that Freeradius lacks support for Dynamic Server
Discovery. While that feature isn't yet actively used, it's on the roadmap,
so that institutions won't have to proxy via central hubs anymore, but can
discover the right proxy for each realm dynamically via NAPTR/SRV records.
They also claim that it's less secure to expose the RADIUS servers
directly, but I don't really buy that argument.
We will go forward with radsecproxy for the time being, but if Freeradius
gains support for Dynamic Server Discovery in the future, we will
definitely look into that.
--
.:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:.
.:.Regionales Rechenzentrum (RRZK).:.
.:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160112/37b497d4/attachment.sig>
More information about the Freeradius-Users
mailing list