Kristof:
> But I think freeradius also needs to access the database (could someone
> explain it, please?)
When some remote RADIUS system needs to authenticate a user who claims
to be part of this identity provider's realm, that remote system has to
obtain the credentials into this identity provider that allows it to
submit the RADIUS request. The database is a conduit for the
credentials; the Trust Router system generates them (in the form of the
Temporary IDentity Server) and FreeRADIUS consumes them. The Trust
Router systems deliver a copy of the credentials back to the remote
RADIUS system, which then uses them to access the Identity Provider's
FreeRADIUS system to ask about the user.
Cheers,
--Mark
|