(RADIATOR) Secure reliable Radius?
Mike McCauley
mikem at open.com.au
Wed Feb 2 04:18:04 CST 2005
Hello Neil,
On Wednesday 02 February 2005 19:08, Neil Quiogue wrote:
> Hello Mike,
>
> I'm just curious on one point.
>
> Would it open a persistent connection (up to a certain number)
> or would you open a connection for each RADIUS request? The
> problem I see is the time it takes to tear down a TCP connection
> might affect the number of connections it can handle (and of
> course the usual file handles issue) and of course performance.
I would expect it to open one connection at startup, and try to keep it open
for as long as possible.
Cheers.
>
> Regards,
>
> Neil Quiogue
>
> Wednesday, February 2, 2005, 2:36:51 PM, you wrote:
>
> MM> Hi All,
>
> MM> we are thinking here about a new idea for Radiator, and wondering if anyone
> MM> else finds it interesting and perhaps useful.
>
> MM> We are thinking of a new AuthBy RELIABLERADIUS which would open a TCP
> MM> connection to a remote Radiator and send Radius packets over a TCP transport
> MM> instead of UDP. The remote Radiator would have a Server RELIABLERADIUS to
> MM> listen for such requests.
>
> MM> Clearly, such a TCP connection could also be secured with SSL or TLS, using
> MM> client and/or server certificates to authenticate each end and encrypt the
> MM> Radius traffic too.
>
> MM> The benefits of this would be:
>
> MM> 1. No more lost packets
> MM> 2. High security encryption of Radius traffic
> MM> 3. mutual authentication of each end of the tcp transport.
>
> MM> Obviously this provides some of the features that are part of Diameter, and
> MM> our forthcoming raDiameter product will include these too, but in the
> MM> meantime....
>
> MM> anyone interested?
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
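
Added example (not part of the original message and not Radiator code): a persistent TCP or TLS connection of the kind discussed above delivers a byte stream rather than datagrams, so the receiver has to recover packet boundaries from the Length field in the RADIUS header and drop the connection when that field is invalid. The class and function names are hypothetical, the sample packets are constructed, and the 20 to 4096 byte bounds are the RADIUS packet limits from RFC 2865.

```python
import struct

HEADER_LEN = 20        # Code(1) + Identifier(1) + Length(2) + Authenticator(16)
MAX_PACKET_LEN = 4096  # largest RADIUS packet permitted by RFC 2865


class FramingError(Exception):
    """Stream is out of sync or malformed; the caller should drop the connection."""


class RadiusStreamFramer:
    """Hypothetical helper: reassembles RADIUS packets from one long-lived stream."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, data):
        """Append bytes from recv() and return every complete packet now buffered."""
        self._buf += data
        packets = []
        while len(self._buf) >= 4:
            _code, _ident, length = struct.unpack_from("!BBH", self._buf, 0)
            # Reject before buffering further: a bogus Length would otherwise
            # stall the connection or desynchronise every later request on it.
            if not HEADER_LEN <= length <= MAX_PACKET_LEN:
                raise FramingError(f"invalid RADIUS Length field: {length}")
            if len(self._buf) < length:
                break  # partial packet, wait for the next recv()
            packets.append(bytes(self._buf[:length]))
            del self._buf[:length]
        return packets

    def pending(self):
        return len(self._buf)


def build_packet(code, ident, attrs=b""):
    """Constructed sample packet with an all-zero Authenticator (test data only)."""
    return struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs)) + bytes(16) + attrs


def demo():
    """Feed two constructed Access-Requests in 7-byte chunks, as TCP might deliver them."""
    stream = build_packet(1, 7, b"\x01\x06neil") + build_packet(1, 8)
    framer, out = RadiusStreamFramer(), []
    for i in range(0, len(stream), 7):
        out += framer.feed(stream[i:i + 7])
    return out, framer.pending()
```
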