[RADIATOR] Questions regarding new release and current roadmap
hvn at open.com.au
Tue Jul 5 05:39:19 CDT 2016
On 1.7.2016 21.43, Hartmaier Alexander wrote:
> On 2016-06-29 13:32, Nadav Hod wrote:
Hello Alexander, hello Nadav,
>> 2.1) I haven't dealt with OCSP in the context of RadSec, but rather as a scalable and faster alternative to CTL files in general when dealing with any certificate. Many of our applications already support OCSP, and it would be preferable to use OCSP with stapling than to perform the query from the server each time a certificate needs to be validated.
>> 2.2) EAP methods and LDAPS bindings.
Thanks for the input. I took a note about LDAPS too. Radiator uses
Net::LDAP which in turn uses IO::Socket::SSL which can do OCSP. It might be
that Net::LDAP requires updates to enable OCSP for LDAPS or LDAP with
Start TLS. We'll need to take a better look at this.
> Async would fix all 'the radiator process is waiting for a DB query/LDAP
> search/... that is slow or unresponsive and doesn't handle any other
> requests for seconds' problem.
> It doesn't require complicated multi-threading but some event loop like
> POE/IO::Async/... (please not AnyEvent!).
We have done some work with EV but have not used it within Radiator.
With Radiator there's the possibility of using SQL or LDAP libraries
that support asynchronous operations which is probably a better fit with
Related to this, AuthBy RADIUS and its subclasses already support a new
return code (ASYNC) which allows an AuthBy to tell Handler that there is
an asynchronous call in progress. In case of AuthBy RADIUS, when the
reply is received, Handler can now move to the next AuthBy when there
are multiple AuthBys. In other words, AuthBy RADIUS can work like the
other AuthBys in a stack of AuthBys.
Previously there were two choices:
o the default which is that AuthBy RADIUS returns IGNORE when it has
proxied the request
o Synchronous flag which tells AuthBy RADIUS to wait for the reply
before moving on.
Thanks for your input,
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,