On 2016-07-05 12:39, Heikki Vatiainen wrote:
> On 1.7.2016 21.43, Hartmaier Alexander wrote:
>
>> On 2016-06-29 13:32, Nadav Hod wrote:
> Hello Alexander, hello Nadav,
>
>>> 2.1)  I haven't dealt with OCSP in the context of RadSec, but rather as a 
>>> scalable and faster alternative to CTL files in general when dealing with 
>>> any certificate. Many of our applications already support OCSP, and it 
>>> would be preferable to use OCSP with stapling than to perform the query 
>>> from the server each time a certificate needs to be validated.
>>>
>>> 2.2) EAP methods and LDAPS bindings.
> Thanks for the input. I took a note about LDAPS too. Radiator uses
> Net::LDAP which in turn uses IO::Socket::SSL which can do OCSP. It might be
> that Net::LDAP requires updates to enable OCSP for LDAPS or LDAP with
> Start TLS. We'll need to take a better look at this.
>
>> Async would fix all 'the radiator process is waiting for a DB query/LDAP
>> search/... that is slow or unresponsive and doesn't handle any other
>> requests for seconds' problems.
>> It doesn't require complicated multi-threading but some event loop like
>> POE/IO::Async/... (please not AnyEvent!).
> We have done some work with EV but have not used it within Radiator.
>
> With Radiator there's the possibility of using SQL or LDAP libraries
> that support asynchronous operations which is probably a better fit with
> Radiator.
>
> Related to this, AuthBy RADIUS and its subclasses already support a new
> return code (ASYNC) which allows an AuthBy to tell Handler that there is
> an asynchronous call in progress. In case of AuthBy RADIUS, when the
> reply is received, Handler can now move to the next AuthBy when there
> are multiple AuthBys. In other words, AuthBy RADIUS can work like the
> other AuthBys in a stack of AuthBys.
>
> Previously there were two choices:
> o the default which is that AuthBy RADIUS returns IGNORE when it has
> proxied the request
> o Synchronous flag which tells AuthBy RADIUS to wait for the reply
> before moving on.
That is great news! We have a radius proxy setup to several customer
radius servers which required hooks to do that without blocking.
Which version/patch introduced that feature? Seems I've missed it.
Would simplify our config quite a bit.
>
> Thanks for your input,
> Heikki
>
Thanks, Alex


*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*