(RADIATOR) Secure reliable Radius?

Stefan Moser sm at open.ch
Wed Feb 2 04:36:25 CST 2005


Hello Mike,

Yep, we'd be interested too. Incidentally, we use Zebedee 
(http://www.winton.org.uk/zebedee) tunnels to achieve a very similar 
effect. However, there's a number of advantages if something like 
this were built right into Radiator, namely less moving parts (so to 
speak). Another disadvantage of tunnels is that you lose the true IP 
address information because from the perspective of Radiator everything 
is sent to and seems to be coming from 127.0.0.1.

BTW, we also use Zebedee tunnels for communication between RADIUS 
clients* and Radiator. Not to be insolent, but how about a tiny 
proxy-like app running on a client that can translate between local/true 
RADIUS packets (from/to the client app) and remote/reliable RADIUS 
packets (from/to the remote Radiator server). **)

*) at least on clients where we have a say, i.e. Unix boxen
**) I realize the same result can be had by running a Radiator instance 
on the client itself, but I'm thinking of something lighter. And there 
is the license issue, naturally.

cheers
-stefan

Mike McCauley wrote:
> Hi All,
> 
> we are thinking here about a new idea for Radiator, and wondering if anyone 
> else finds it interesting and perhaps useful.
> 
> We are thinking of a new AuthBy RELIABLERADIUS which would open a TCP 
> connection to a remote Radiator and send Radius packets over a TCP transport 
> instead of UDP. The remote Radiator would have a Server RELIABLERADIUS to 
> listen for such requests.
> 
> Clearly, such a TCP connection could also be secured with SSL or TLS, using 
> client and/or server certificates to authenticate each end and encrypt the 
> Radius traffic too.
> 
> The benefits of this would be:
> 
> 1. No more lost packets
> 2. High security encryption of Radius traffic
> 3. Mutual authentication of each end of the TCP transport.
> 
> Obviously this provides some of the features that are part of Diameter, and 
> our forthcoming raDiameter product will include these too, but in the 
> meantime....
> 
> anyone interested?
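
Added example, not part of the original thread and not Radiator code: once RADIUS moves from UDP datagrams to a TCP (or TLS) stream as proposed above, the receiver has to recover packet boundaries itself. The thread does not give a wire format for RELIABLERADIUS; this assumes unmodified RADIUS packets sent back-to-back and delimited by the Length field of the standard header (RFC 2865), and all class and function names are hypothetical.

```python
import struct

RADIUS_MIN_LEN = 20    # header only: Code, Identifier, Length, Authenticator (RFC 2865)
RADIUS_MAX_LEN = 4096  # maximum packet length (RFC 2865)


class FramingError(Exception):
    """The stream cannot be a sequence of RADIUS packets; close the connection."""


class RadiusStreamDeframer:
    """Reassembles whole RADIUS packets from arbitrary TCP read chunks."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Add received bytes; return the list of complete packets now available."""
        self._buf += chunk
        packets = []
        while len(self._buf) >= 4:
            # Length is bytes 2-3 of the header, big-endian, and covers the whole packet.
            (length,) = struct.unpack_from("!H", self._buf, 2)
            if not RADIUS_MIN_LEN <= length <= RADIUS_MAX_LEN:
                # Unlike UDP, a bad length desynchronises everything after it.
                raise FramingError(f"invalid RADIUS length {length}")
            if len(self._buf) < length:
                break  # partial packet: wait for more data
            packets.append(bytes(self._buf[:length]))
            del self._buf[:length]
        return packets


def make_packet(code, identifier, attributes=b""):
    """Build a constructed sample packet with a zeroed authenticator (test data only)."""
    length = RADIUS_MIN_LEN + len(attributes)
    return struct.pack("!BBH", code, identifier, length) + bytes(16) + attributes


def demo():
    # Constructed sample: an Access-Request (code 1) carrying User-Name "bob",
    # then a second request, delivered in awkward TCP segment sizes.
    first = make_packet(1, 7, b"\x01\x05bob")
    second = make_packet(1, 8)
    stream = first + second
    deframer = RadiusStreamDeframer()
    out = []
    for cut in (stream[:3], stream[3:30], stream[30:]):
        out.extend(deframer.feed(cut))
    return out
```

A FramingError should end the connection rather than skip bytes, because there is no reliable way to resynchronise on the next packet boundary in a stream.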
