FreeRADIUS, radsec and dnssec
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Apr 6 21:35:26 CEST 2017
> On Apr 6, 2017, at 3:28 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
> On Apr 6, 2017, at 10:53 AM, Brian Julin <BJulin at clarku.edu> wrote:
>> Dynamic home servers was the missing ingredient at that time.
>> I have seen indications from the core team that they are working
>> to address this.
>
> It's sort of in v3, for the trust router work. But not in a way that can be sustained moving forward.
>
>> The further challenge after that is session-aware
>> load balancing correctly through a DNS change, and of course closing
>> the security loop by validating the realm against server certificates.
>>
>> It's a pretty big project when you do more than just simple proxying.
>> I would not expect it to materialize quickly, but people know the need
>> is out there.
>
> In v4, all of the proxying is being moved to modules. It means that proxy.conf becomes harder to configure. BUT things like "proxy to 4 destinations" becomes trivial.
>
> And, adding dynamic DNS to radsec home servers is just a plugin module. i.e. someone could start on it today.
It's already there pretty much. Just need to add some extra xlats for the different record types.
-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170406/3e5b832c/attachment-0001.sig>
More information about the Freeradius-Users
mailing list