[RADIATOR] Questions regarding new release and current roadmap

Heikki Vatiainen hvn at open.com.au
Tue Jul 5 05:39:19 CDT 2016


On 1.7.2016 21.43, Hartmaier Alexander wrote:

> On 2016-06-29 13:32, Nadav Hod wrote:

Hello Alexander, hello Nadav,

>> 2.1)  I haven't dealt with OCSP in the context of RadSec, but rather as a scalable and faster alternative to CTL files in general when dealing with any certificate. Many of our applications already support OCSP, and it would be preferable to use OCSP with stapling than to perform the query from the server each time a certificate needs to be validated.
>>
>> 2.2) EAP methods and LDAPS bindings.

Thanks for the input. I took a note about LDAPS too. Radiator uses
Net::LDAP which in turn uses IO::Socket::SSL which can do OCSP. It might be
that Net::LDAP requires updates to enable OCSP for LDAPS or LDAP with
Start TLS. We'll need to take a better look at this.

> Async would fix all 'the radiator process is waiting for a DB query/LDAP
> search/... that is slow or unresponsive and doesn't handle any other
> requests for seconds' problem.
> It doesn't require complicated multi-threading but some event loop like
> POE/IO::Async/... (please not AnyEvent!).

We have done some work with EV but have not used it within Radiator.

With Radiator there's the possibility of using SQL or LDAP libraries 
that support asynchronous operations which is probably a better fit with 
Radiator.

Related to this, AuthBy RADIUS and its subclasses already support a new
return code (ASYNC) which allows an AuthBy to tell Handler that there is
an asynchronous call in progress. In case of AuthBy RADIUS, when the 
reply is received, Handler can now move to the next AuthBy when there 
are multiple AuthBys. In other words, AuthBy RADIUS can work like the 
other AuthBys in a stack of AuthBys.

Previously there were two choices:
o the default which is that AuthBy RADIUS returns IGNORE when it has 
proxied the request
o Synchronous flag which tells AuthBy RADIUS to wait for the reply 
before moving on.

Thanks for your input,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, 
NetWare etc.

