(RADIATOR) Secure reliable Radius?

Hugh Irvine hugh at open.com.au
Wed Feb 2 04:11:06 CST 2005


Hello Neil -

The TCP connection would be maintained permanently between the two 
Radiator instances (unless it drops of course, in which case the 
connection would be re-established automatically).

regards

Hugh


On 2 Feb 2005, at 12:08, Neil Quiogue wrote:

> Hello Mike,
>
>       I'm just curious on one point.
>
>       Would it open a persistent connection (up to a certain number)
>       or would you open a connection for each RADIUS request?  The
>       problem I see is the time it takes to tear down a TCP connection
>       might affect the number of connections it can handle (and of
>       course the usual file handles issue) and of course performance.
>
> Regards,
>
> Neil Quiogue
>
> Wednesday, February 2, 2005, 2:36:51 PM, you wrote:
>
> MM> Hi All,
>
> MM> we are thinking here about a new idea for Radiator, and wondering if anyone
> MM> else finds it interesting and perhaps useful.
>
> MM> We are thinking of a new AuthBy RELIABLERADIUS which would open a TCP
> MM> connection to a remote Radiator and send Radius packets over a TCP transport
> MM> instead of UDP. The remote Radiator would have a Server RELIABLERADIUS to
> MM> listen for such requests.
>
> MM> Clearly, such a TCP connection could also be secured with SSL or TLS, using
> MM> client and/or server certificates to authenticate each end and encrypt the
> MM> Radius traffic too.
>
> MM> The benefits of this would be:
>
> MM> 1. No more lost packets
> MM> 2. High security encryption of Radius traffic
> MM> 3. mutual authentication of each end of the tcp transport.
>
> MM> Obviously this provides some of the features that are part of Diameter, and
> MM> our forthcoming raDiameter product will include these too, but in the
> MM> meantime....
>
> MM> anyone interested?
>
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive 
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
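
Added example, not part of the original thread and not Radiator code: once RADIUS is carried over a persistent TCP (or TLS) connection as discussed above, UDP datagram boundaries are gone, so the receiver has to split the byte stream into packets using the Length field of the standard RADIUS header (RFC 2865). The class and function names are hypothetical, and the thread does not say how AuthBy RELIABLERADIUS would frame packets.

```python
import struct

RADIUS_HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
RADIUS_MAX_LEN = 4096    # maximum packet length allowed by RFC 2865


class FramingError(Exception):
    """Stream is out of sync; the caller should drop and re-establish the connection."""


class RadiusStreamFramer:
    """Hypothetical helper: reassembles RADIUS packets from a TCP/TLS byte stream."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list:
        """Add bytes read from the socket; return every complete packet now available."""
        self._buf += chunk
        packets = []
        while len(self._buf) >= 4:
            # The Length field (bytes 2-3, big-endian) covers the whole packet.
            (length,) = struct.unpack_from("!H", self._buf, 2)
            if not RADIUS_HEADER_LEN <= length <= RADIUS_MAX_LEN:
                raise FramingError(f"invalid RADIUS length {length}")
            if len(self._buf) < length:
                break  # partial packet: wait for the next read
            packets.append(bytes(self._buf[:length]))
            del self._buf[:length]
        return packets


def build_packet(code: int, ident: int, attrs: bytes = b"") -> bytes:
    """Constructed sample packet with an all-zero authenticator (not a valid request)."""
    length = RADIUS_HEADER_LEN + len(attrs)
    return struct.pack("!BBH", code, ident, length) + bytes(16) + attrs


if __name__ == "__main__":
    # Constructed input: two packets arriving split across three TCP reads.
    a = build_packet(1, 7, b"\x01\x05bob")   # Access-Request with a User-Name attribute
    b = build_packet(4, 8)                    # Accounting-Request, no attributes
    stream = a + b
    framer = RadiusStreamFramer()
    for chunk in (stream[:3], stream[3:30], stream[30:]):
        for pkt in framer.feed(chunk):
            print(f"code={pkt[0]} id={pkt[1]} len={len(pkt)}")
```

A FramingError means the reader can no longer trust packet boundaries on that connection, which is the case where closing and reconnecting is the only safe recovery.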
