On 03/23/2012 04:02 PM, Brian Julin wrote:
> Not sure, but you should consider running non-virtual instances (not that hard to do) and using privilege separation such that there is little potential for exposure of your internal authentication structure or internally-utilized crypto material to an externally presented service.
I'm curious about what you mean here. I don't see the difference between a single server performing attribute filter & auth, versus two separate processes.
Can you explain what threat model you think this addresses?

