(RADIATOR) Secure reliable Radius?
Mike McCauley
mikem at open.com.au
Wed Feb 2 00:36:51 CST 2005
Hi All,
we are thinking here about a new idea for Radiator, and wondering if anyone
else finds it interesting and perhaps useful.
We are thinking of a new AuthBy RELIABLERADIUS which would open a TCP
connection to a remote Radiator and send Radius packets over a TCP transport
instead of UDP. The remote Radiator would have a Server RELIABLERADIUS to
listen for such requests.
Clearly, such a TCP connection could also be secured with SSL or TLS, using
client and/or server certificates to authenticate each end and encrypt the
Radius traffic too.
The benefits of this would be:
1. No more lost packets
2. High security encryption of Radius traffic
3. mutual authentication of each end of the tcp transport.
Obviously this provides some of the features that are part of Diameter, and
our forthcoming raDiameter product will include these too, but in the
meantime....
anyone interested?
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list