(RADIATOR) about RadSec

[Mike McCauley]

Hello Kiran,


On Wed, 2005-07-06 at 14:43 +0200, gullapalli wrote:
> hi,
> Thanx for your quick response regrading my pevious quiery( about RadSec).
> So according to your answer that when Access-Request reaches the local
> RADIUS server it will forms the TCP connection with the remote RADIUS
> server. So because tunnel is formed secret key between these two RADIUS
> servers is not necessary, but to satisfy RADIUS protocol specification we
> will take a dumb secret(common) and then calculate the request
> authenticator. This is what I understood from RadSec white paper and also
> from your response. 
That is correct.


> So now my problem is to form this TCP connection we
> need IP address, but in our application this IP addreses of all the RADIUS
> servers is stored in a central database, based on RADIUS request
> parameters we will get this IP address from central database, is it
> possible with RadSec to have this IP address dynamically based upon RADIUS
> request or need to be some predefined list of IP addresses? 
You need to configure each RadSec connection into the Radiator
configuration file, in a similar way to AuthBy RADIUS. There is no
support for determining the target RadSec server based on the contents
of the request as can be done with AuthBy SQLRADIUS.

It might be possible to do such a thing with a hook, but we have not
tried it.

> And with this
> storing them in central database will lead to any future security
> problems?
> thanx
> Kiran Kumar Gullapalli
> 
> 
> 
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.