FreeRADIUS, radsec and dnssec
Alan DeKok
aland at deployingradius.com
Thu Apr 6 21:28:41 CEST 2017
On Apr 6, 2017, at 10:53 AM, Brian Julin <BJulin at clarku.edu> wrote:
> Dynamic home servers was the missing ingredient at that time.
> I have seen indications from the core team that they are working
> to address this.
It's sort of in v3, for the trust router work. But not in a way that can be sustained moving forward.
> The further challenge after that is session-aware
> load balancing correctly through a DNS change, and of course closing
> the security loop by validating the realm against server certificates.
>
> It's a pretty big project when you do more than just simple proxying.
> I would not expect it to materialize quickly, but people know the need
> is out there.
In v4, all of the proxying is being moved to modules. It means that proxy.conf becomes harder to configure. BUT things like "proxy to 4 destinations" becomes trivial.
And, adding dynamic DNS to radsec home servers is just a plugin module. i.e. someone could start on it today.
Alan DeKok.
More information about the Freeradius-Users
mailing list