FreeRADIUS, radsec and dnssec
a.cudbardb at freeradius.org
Thu Apr 6 21:35:26 CEST 2017
> On Apr 6, 2017, at 3:28 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Apr 6, 2017, at 10:53 AM, Brian Julin <BJulin at clarku.edu> wrote:
>> Dynamic home servers was the missing ingredient at that time.
>> I have seen indications from the core team that they are working
>> to address this.
> It's sort of in v3, for the trust router work. But not in a way that can be sustained moving forward.
>> The further challenge after that is session-aware
>> load balancing correctly through a DNS change, and of course closing
>> the security loop by validating the realm against server certificates.
>> It's a pretty big project when you do more than just simple proxying.
>> I would not expect it to materialize quickly, but people know the need
>> is out there.
> In v4, all of the proxying is being moved to modules. It means that proxy.conf becomes harder to configure. BUT things like "proxy to 4 destinations" becomes trivial.
> And, adding dynamic DNS to radsec home servers is just a plugin module. i.e. someone could start on it today.
It's already there pretty much. Just need to add some extra xlats for the different record types.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the Freeradius-Users