[RADIATOR] Performance logging

Tuure Vartiainen vartiait at open.com.au
Mon Apr 4 04:05:52 CDT 2016


> On 04 Apr 2016, at 11:24, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
> On 2016-03-30 15:10, Tuure Vartiainen wrote:
>>> On 30 Mar 2016, at 14:55, Hartmaier Alexander <alexander.hartmaier at t-systems.at> wrote:
>>> we use PEAP-TLS, EAP-PEAP as outer EAP type with EAP-TLS as inner.
>>> Not sure if the outher EAP-PEAP adds any real security as the Radiator
>>> cert is the same one for both types as it only hides the transmission of
>>> the user cert which can be classified like a public key imho.
>> Ack.
> Would you say that using PEAP-TLS for both wired and wireless auth is
> overkill even when both are considered sniffable?

Somewhat yes, I get the idea of anonymizing user’s identity with PEAP, but 
for example with demo test certificates bundled with Radiator, PEAP-TLS 
takes 15 rounds for a single EAP authentication.

>> We’ll add a feature, which will allow the total time along with an on-demand
>> timing to be used through %{...} special format in AuthLogs etc.
> Thanks! Please inform me when it has landed in the patches.

Yes, I’ll reply here.

Tuure Vartiainen <vartiait at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list