Hi:

I am interested in using the CRL feature in the R1.0.0 freeRADIUS release. The documentation/comments in the radiusd.conf file are the only piece I was able to get out. Is there any other documentation on this feature in the freeRADIUS release?

We are using CISCO ACS server as well as the MS IAS AAA server and both of them support the CDP (CRL distribution point) attribute in the X509 cert for EAP-TLS. Does freeRADIUS have any similar feature where the CRL would be hosted online at a particular web-page/URL (using the PKI infrastructure) and the CDP points to that for lookup at a set frequency to update the CRL? If this CDP feature is available in freeRADIUS and anyone uses it, can you provide me info on it? If not, what's the best way to add it?

One way I've thought of adding it (not one of the best methods - but can work) is to write a wrapper program/script that would get periodically invoked and do a fetch from a CRL web-page (that comes from the x509 cert CDP) on a periodic basis through a cron job. Once the script gets the CRL it would update the cert dir by adding cert/CRL hash in the cert path (automating the manual CRL way through the same script).

The only place this solution gets stuck at is that once the CRL list is updated and placed in the CRL/cert dir the freeRADIUS server needs to be restarted. Is there a way to change the radiusd.conf params without restarting the radiusd server (something like fastusers --> fastradiusd???)

Any help or suggestion is appreciated.

Thanks.

Regards,
Mohammed.

Mohammed H. Petiwala
Senior Staff Engineer
iDEN-WLAN, Motorola Inc.
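
The cron-driven wrapper described in the message above, sketched as an added example; it is not part of the original post and not FreeRADIUS code. It assumes `openssl` and `curl` are installed, that the CRL is published as `<issuer-hash>.r0` (OpenSSL's hashed-directory naming), and the function names and arguments are illustrative.

```shell
#!/bin/sh
# Added example: refresh a CRL from a certificate's CDP into an OpenSSL hashed
# directory. Function names and arguments are illustrative assumptions.

# Print the http(s) URIs listed under "CRL Distribution Points" in the output
# of `openssl x509 -noout -text` (read from stdin). URIs that belong to other
# extensions, such as Authority Information Access, are ignored.
cdp_urls() {
    awk '
        /CRL Distribution Points/ { in_cdp = 1; next }
        in_cdp && NF > 0 {
            match($0, /^ */)
            if (RLENGTH <= 12) { in_cdp = 0; next }   # next extension header
            if ($0 ~ /URI:https?:\/\//) { sub(/^.*URI:/, ""); print }
        }'
}

# install_crl DOWNLOADED_FILE CA_PEM CERT_DIR
# Accept DER or PEM, require a valid signature from CA_PEM, then publish the
# CRL as CERT_DIR/<issuer-hash>.r0 via rename so readers never see a partial file.
install_crl() {
    src=$1 ca=$2 dir=$3
    tmp=$(mktemp "$dir/.crl.XXXXXX") || return 1
    if ! openssl crl -inform DER -in "$src" -outform PEM -out "$tmp" 2>/dev/null &&
       ! openssl crl -inform PEM -in "$src" -outform PEM -out "$tmp" 2>/dev/null
    then rm -f "$tmp"; return 1; fi
    # Exit status on a bad signature differs between OpenSSL versions, so
    # match on the "verify OK" message instead.
    if ! openssl crl -in "$tmp" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK'
    then rm -f "$tmp"; return 1; fi
    hash=$(openssl crl -in "$tmp" -noout -hash) || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv -f "$tmp" "$dir/$hash.r0"
}

# refresh_crl CERT_PEM CA_PEM CERT_DIR : the job a cron entry would call.
refresh_crl() {
    dl=$(mktemp) || return 1
    rc=1
    for url in $(openssl x509 -noout -text -in "$1" | cdp_urls); do
        if curl -fsS --max-time 30 -o "$dl" "$url" && install_crl "$dl" "$2" "$3"
        then rc=0; break; fi
    done
    rm -f "$dl"
    return $rc   # 0 only if a verified CRL was installed
}

[ "$#" -eq 0 ] || refresh_crl "$@"
```

A CRL that fails to parse or is not signed by the given CA is discarded, so a failed or tampered download leaves the previously installed CRL in place. The restart step the post mentions is left to the caller and should run only when `refresh_crl` returns 0.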