[RADIATOR] Questions regarding new release and current roadmap
Hartmaier Alexander
alexander.hartmaier at t-systems.at
Wed Jul 6 05:26:37 CDT 2016
On 2016-07-05 12:39, Heikki Vatiainen wrote:
> On 1.7.2016 21.43, Hartmaier Alexander wrote:
>
>> On 2016-06-29 13:32, Nadav Hod wrote:
> Hello Alexander, hello Nadav,
>
>>> 2.1) I haven't dealt with OCSP in the context of RadSec, but rather as a scalable and faster alternative to CTL files in general when dealing with any certificate. Many of our applications already support OCSP, and it would be preferable to use OCSP with stapling than to perform the query from the server each time a certificate needs to be validated.
>>>
>>> 2.2) EAP methods and LDAPS bindings.
> Thanks for the input. I took a note about LDAPS too. Radiator uses
> Net::LDAP which in turn uses IO::Socket::SSL which can do OCSP. It might be
> that Net::LDAP requires updates to enable OCSP for LDAPS or LDAP with
> Start TLS. We'll need to take a better look at this.
>
>> Async would fix all 'the radiator process is waiting for a DB query/LDAP
>> search/... that is slow or unresponsive and doesn't handle any other
>> requests for seconds' problems.
>> It doesn't require complicated multi-threading but some event loop like
>> POE/IO::Async/... (please not AnyEvent!).
> We have done some work with EV but have not used it within Radiator.
>
> With Radiator there's the possibility of using SQL or LDAP libraries
> that support asynchronous operations which is probably a better fit with
> Radiator.
>
> Related to this, AuthBy RADIUS and its subclasses already support a new
> return code (ASYNC) which allows an AuthBy to tell Handler that there is
> an asynchronous call in progress. In case of AuthBy RADIUS, when the
> reply is received, Handler can now move to the next AuthBy when there
> are multiple AuthBys. In other words, AuthBy RADIUS can work like the
> other AuthBys in a stack of AuthBys.
>
> Previously there were two choices:
> o the default which is that AuthBy RADIUS returns IGNORE when it has
> proxied the request
> o Synchronous flag which tells AuthBy RADIUS to wait for the reply
> before moving on.
That is great news! We have a radius proxy setup to several customer
radius servers which required hooks to do that without blocking.
Which version/patch introduced that feature? Seems I've missed it.
Would simplify our config quite a bit.
>
> Thanks for your input,
> Heikki
>
Thanks, Alex
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*