On 17/02/11 14:37, Brian Candler wrote:
> I can think of a few ways of implementing this:
>
> * Using bpf (like radsniff) to capture the live requests and responses.
>   Forward a copy of the request to a second process, which would somehow
>   be jailed to a loopback interface, and then compare the responses.
>
> * Have some sort of forking proxy, which takes one input packet and sends
>   it to two places, A and B. It would take either the A or B response and
>   return it to the client. It could even vote on them (e.g. Access-Accept
>   takes precedence over Access-Reject)

This is only going to work for the simpler authentication mechanisms -
PAP and so forth.
It won't work for EAP, because the server challenge state incorporates
random numbers.
Honestly, I think you are better off relying on proper testing & change
control.
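Added example, not part of the original message or of FreeRADIUS: a sketch of the response comparison and voting discussed above. It parses two servers' replies per RFC 2865, ignores the authenticator and per-exchange attributes, and marks Access-Challenge replies as not comparable. The function names, result labels and the `build` helper for sample packets are constructed for illustration.

```python
import struct

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
# Attributes tied to per-exchange randomness or keyed hashes:
# State (24), EAP-Message (79), Message-Authenticator (80).
VOLATILE_ATTRS = {24, 79, 80}

def parse_radius(packet: bytes):
    """Return (code, identifier, [(attr_type, value), ...]) per RFC 2865."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    attrs, pos = [], 20  # bytes 4..19 are the authenticator, ignored here
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, attrs

def _stable(attrs):
    # Simplification: compare as a sorted list, so attribute order is ignored.
    return sorted(a for a in attrs if a[0] not in VOLATILE_ATTRS)

def compare_replies(reply_a: bytes, reply_b: bytes) -> str:
    """Classify the replies of servers A and B to the same request."""
    code_a, id_a, attrs_a = parse_radius(reply_a)
    code_b, id_b, attrs_b = parse_radius(reply_b)
    if id_a != id_b:
        return "id-mismatch"
    if ACCESS_CHALLENGE in (code_a, code_b):
        return "not-comparable"  # challenge state is random per server
    if code_a != code_b:
        return "code-differs"
    return "match" if _stable(attrs_a) == _stable(attrs_b) else "attrs-differ"

def vote(reply_a: bytes, reply_b: bytes) -> bytes:
    """Access-Accept takes precedence over Access-Reject; otherwise prefer A."""
    code_a, code_b = parse_radius(reply_a)[0], parse_radius(reply_b)[0]
    return reply_b if code_a != ACCESS_ACCEPT and code_b == ACCESS_ACCEPT else reply_a

def build(code, ident, attrs):
    """Construct a sample packet (zeroed authenticator) for testing only."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body
```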