Date:      Tue, 27 May 2025 21:40:57 +0000 (UTC)
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        Andrew Wood <andrew1tree@gmail.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: Implementing RADSEC
Message-ID:  <03o36766-85q7-s58q-362o-910p561o24so@yvfgf.mnoonqbm.arg>
In-Reply-To: <9F26B64E-126D-49E2-8E56-D3CE3C946072@gmail.com>
References:  <9F26B64E-126D-49E2-8E56-D3CE3C946072@gmail.com>

On Tue, 27 May 2025, Andrew Wood wrote:

> Hi all,
>
> Apologies if this is the wrong place to go, I don't really have any contributing experience. I was curious and looking around FreeBSD's RADIUS implementation and noticed what appears to be a lack of RADSEC (RADIUS over TLS) in the OS's source code. Granted, there IS a port named "radsecproxy" that allows users to make use of it, but my personal thinking/opinion is that if using RADIUS as a NAS (Network Access Server) is available natively through pam_radius then perhaps if we want a "security by default" approach we should add radsec to libradius and open up native use of RADSEC. Additionally, there's an IETF draft in the works deprecating the use of UDP or TLS-less UDP (https://datatracker.ietf.org/doc/draft-ietf-radext-deprecating-radius/), which may or may not add some importance to something like this.
>
> Thus, I come here asking, do y'all think it would be worth it or a good idea for me to work on adding in TLS support for RADIUS, or am I best off letting the port that already exists for it use it?

Maybe ask on net@.  There may be more folks interested in the topic.

There (is|was) other software in ports like Radiator or freeradius
which will do both and proxying is part of all of it.

Deprecating RADIUS/UDP will take longer than getting rid of IPv4 if
anyone asks me ;-)

What but pam is using libradius in base?  ppp and hostapd?  But hostapd has
its own, so it's pam and ppp.  Counting days of their use... I guess.

/bz

-- 
Bjoern A. Zeeb                                                     r15:7


