[RADIATOR] Performance logging
Tuure Vartiainen
vartiait at open.com.au
Mon Apr 4 04:05:52 CDT 2016
Hi,
> On 04 Apr 2016, at 11:24, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
>
> On 2016-03-30 15:10, Tuure Vartiainen wrote:
>>
>>> On 30 Mar 2016, at 14:55, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
>>>
>>> we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner.
>>> Not sure if the outher EAP-PEAP adds any real security as the Radiator
>>> cert is the same one for both types as it only hides the transmission of
>>> the user cert which can be classified like a public key imho.
>>>
>> Ack.
> Would you say that using PEAP-TLS for both wired and wireless auth is
> overkill even when both are considered sniffable?
>
Somewhat yes, I get the idea of anonymizing user’s identity with PEAP, but
for example with demo test certificates bundled with Radiator, PEAP-TLS
takes 15 rounds for a single EAP authentication.
>>
>> We’ll add a feature, which will allow the total time along with an on-demand
>> timing to be used through %{...} special format in AuthLogs etc.
> Thanks! Please inform me when it has landed in the patches.
>
Yes, I’ll reply here.
BR
--
Tuure Vartiainen <vartiait at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list