Hi:
I am interested in using the CRL feature in the R1.0.0
freeRADIUS release.
The documentation/comments in the radiusd.conf file
are the only piece I was able to get out.
Is there any other documentation on this feature in
the freeRADIUS release?
We are using CISCO ACS server as well as the MS IAS
AAA server and both of them support the CDP (CRL
distribution point)
attribute in the X509 cert for EAP-TLS. Does
freeRADIUS have any similar feature where the CRL
would be hosted online at a particular
web-page/URL (using the PKI infrastructure) and the
CDP points to that for lookup at a set frequency to
update the CRL?
If this CDP feature is available in freeRADIUS and
anyone uses it, can you provide me info on it?
If not, what's the best way to add it?
One way I've thought of adding it (not one of the best
methods - but can work) is to write a wrapper
program/script that would get periodically invoked and
do a fetch from a CRL web-page (that comes from the
x509 cert CDP) on a periodic basis through a cron job.
Once the script gets the CRL it would update the cert
dir by adding cert/CRL hash in the cert path 
(automating the manual CRL way through the same
script). The only place this solution gets stuck at is
that once the CRL list is updated and placed in the
CRL/cert dir the freeRADIUS server needs to be
restarted.
Is there a way to change the radiusd.conf params
without restarting the radiusd server (something like
fastusers --> fastradiusd???)
Any help or suggestion is appreciated.
Thanks.

Regards,
Mohammed.

Mohammed H. Petiwala
Senior Staff Engineer
iDEN-WLAN,
Motorola Inc.
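
The cron-driven wrapper described in the message above, as an added example that is not part of the original post and is not FreeRADIUS code: it downloads a CRL, checks that it is signed by the expected CA, and installs it atomically under its OpenSSL hash name, so a failed or tampered fetch never replaces the CRL already in place. The function names, the CDP URL and the paths are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: refresh a CRL in the cert/CRL directory from a CDP URL.
# Function names, URL and paths are hypothetical; requires openssl and curl.

# install_crl <downloaded-file> <ca.pem> <cert-dir>
# Returns 0 on install, 2 if the file is not a CRL, 3 if not signed by the CA.
install_crl() {
    crl_src=$1; crl_ca=$2; crl_dir=$3
    # Work on a temp file inside the target dir so the final mv is atomic.
    crl_tmp=$(mktemp "$crl_dir/.crl.XXXXXX") || return 1
    # CDPs usually serve DER; accept PEM too. Output is normalised to PEM.
    if ! openssl crl -inform DER -in "$crl_src" -out "$crl_tmp" 2>/dev/null &&
       ! openssl crl -inform PEM -in "$crl_src" -out "$crl_tmp" 2>/dev/null; then
        rm -f "$crl_tmp"; return 2
    fi
    # The CDP is often plain HTTP: trust the CA signature, not the transport.
    if ! openssl crl -in "$crl_tmp" -CAfile "$crl_ca" -noout 2>&1 |
         grep -q 'verify OK'; then
        rm -f "$crl_tmp"; return 3
    fi
    # OpenSSL looks CRLs up in a hashed directory as <issuer-hash>.r0
    crl_hash=$(openssl crl -in "$crl_tmp" -noout -hash) ||
        { rm -f "$crl_tmp"; return 1; }
    chmod 644 "$crl_tmp"
    mv -f "$crl_tmp" "$crl_dir/$crl_hash.r0"
}

# refresh_crl <cdp-url> <ca.pem> <cert-dir>
refresh_crl() {
    crl_dl=$(mktemp) || return 1
    if curl -fsS --max-time 30 -o "$crl_dl" "$1" &&
       install_crl "$crl_dl" "$2" "$3"; then crl_rc=0; else crl_rc=1; fi
    rm -f "$crl_dl"
    return "$crl_rc"
}

# From cron (placeholders, not real locations):
#   refresh_crl "http://pki.example.com/ca.crl" /etc/raddb/certs/ca.pem \
#               /etc/raddb/certs && <restart radiusd, as the message notes>
```

Run it with the same OpenSSL generation that radiusd is linked against, since the issuer-hash algorithm used for the `.r0` file name differs between old and current OpenSSL releases.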
