The Moonshot code can be configured to work without RADSEC.
However, in many deployments, that's probably a bad decision. The
problem is that session keys used between the client and server are then
transported uover unencrypted RADSEC.
In addition, other privacy-sensitive information is transported
unencrypted.
This tends to be more sensitive than the information needed for network
access. So, when a lot of us have evaluated using moonshot we've
concluded that we should deploy with RADSEC. However the software can
be configured with a UDP-based RADIUS server just as easily.
--Sam
|