Sam Hartman wrote:
> The example temporary identity server has been expanded to insert the
> generated keys into a sqlite database. We chose sqlite because we'll be
> querying the database from a fairly performance critical part of the
> RADIUS server. Having a network delay or other interaction with another
> service is undesirable. In addition, having sqlite's in-process caching
> seems like a better approach than calling out over a network connection
> to a database.
That makes sense. In case you didn't see, the "master" branch has a
completely re-written SQLite driver. If you're using that, it should
work well.
> We've also enhanced FreeRADIUS to query this database from the server
> PSK callback.
That makes sense.
> As a result, you can generate a temporary identity request and the TIDS
> will provision the key for FreeRADIUS.
> FreeRADIUS successfully uses provisioned keys.
Nice!
> The big functional blocks we're still working on are the integration of
> the temporary identity client in the FreeRADIUS proxy and on the trust
> router in the middle.
Let me know if you have any questions.
> Code on
> git://git.project-moonshot.org/freeradius.git (tr-integ branch)
> git://git.project-moonshot.org/trust_router.git (master branch)
I'll take a look.
Alan DeKok.