Hi folks. If you've been tracking commits lately, you'll notice a lot
of work on our FreeRADIUS patches and on the trust router code.
We have some functionality working and I wanted to brief people on
that.
The example temporary identity server has been expanded to insert the
generated keys into a sqlite database. We chose sqlite because we'll be
querying the database from a fairly performance-critical part of the
RADIUS server. Having a network delay or other interaction with another
service is undesirable. In addition, having sqlite's in-process caching
seems like a better approach than calling out over a network connection
to a database.
We've also enhanced FreeRADIUS to query this database from the server
PSK callback.
As a result, you can generate a temporary identity request and the TIDS
will provision the key for FreeRADIUS.
FreeRADIUS successfully uses provisioned keys.
The big functional blocks we're still working on are the integration of
the temporary identity client in the FreeRADIUS proxy and on the trust
router in the middle.
Code on
git://git.project-moonshot.org/freeradius.git (tr-integ branch)
git://git.project-moonshot.org/trust_router.git (master branch)
--Sam