That is *great* news! Especially the work on sharing state between instances, we had problems with TACACS sessions from Cisco WLCs that authorize on a different server than the authentication happened which led to non-working user rights.
Regarding logging I'd love to see support for NoSQL databases and message queues like RabbitMQ and Elasticsearch which can be used as a log target. I think those features justify a new version, maybe even a major one.

Thanks,
Alex

On 2015-06-18 10:29, Heikki Vatiainen wrote:
> There are a number of new features and changes in the current Radiator
> 4.14 patches we thought might be of interest for the list members.
>
> Any comments and questions are welcome.
>
>
> Windows Eventlog logging
> ++++++++++++++++++++++++
> New modules AuthLog EVENTLOG and Log EVENTLOG are now included. See
> goodies/eventlog.cfg for instructions and more information about DLLs
> that are useful, but not required, to set up eventlog. There are both
> sources and precompiled binaries for the DLLs in goodies.
>
>
> Clustering control plane support with Gossip framework
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Gossip [1] framework with Redis based implementation was recently added
> in patches. The purpose of the framework is to allow individual Radiator
> instances to share information between each other.
>
> For example, server farm members can use Gossip to relay next hop proxy
> unreachability/reachability information to each other. This allows
> faster recovery from failures and other events as opposed to each
> instance doing detection and recovery individually.
>
> The patches have an implementation for this. Radiator instances, not
> restricted to just farm members, can share next hop proxy status
> information based on Status-Server or lack of responses to normal
> requests. In addition, a farm can be configured so that Status-Server is
> run by only one member whose responsibility is to send reachability
> updates to the other members via Gossip.
>
> The future uses may include distributing TACACS+ authorisation
> information, TLS session tickets, configuration updates or anything a
> custom Radiator installation may require.
>
>
> TLS updates
> +++++++++++
> TLS and SSL configuration options for TLS based EAP methods and TLS
> enabled stream protocol modules, RadSec, Diameter, ServerHTTP, etc.,
> have been updated.
>
> New configuration parameters EAPTLS_Ciphers and TLS_Ciphers allow
> defining the supported ciphersuites. The current default for both is
> 'DEFAULT:!EXPORT:!LOW'. This should provide the least amount of surprises
> when upgrading.
>
> New configuration parameters EAPTLS_TLS_Protocols and TLS_Protocols are
> available for defining which TLS versions (or SSLv3) to support.
>
> When TLS_Protocols is defined, it overrides UseTLS and UseSSL.
> EAPTLS_Protocols is available for restricting supported TLS versions for
> TLS based EAP methods. The default is to support all available TLS versions.
>
> A useful resource for TLS configuration is for example the Mozilla TLS
> server guide [2]
>
>
> Server farm
> +++++++++++
> Server farm users may be interested in the possibility to use shared
> memory for duplicate cache. With this parameter, the
> UseContentsForDuplicateDetection parameter is no longer needed.
>
>
> Structured logging
> ++++++++++++++++++
> New module LogFormat.pm has examples of how to format Radiator log and
> authentication log messages in JSON and CEF (ArcSight Common Event
> Format) formats. Configuration sample goodies/logformat.cfg has more
> information about how to create a custom module for your local logging
> requirements.
>
>
>
> [1] https://en.wikipedia.org/wiki/Gossip_protocol
> [2] https://wiki.mozilla.org/Security/Server_Side_TLS
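The structured logging item in the quoted announcement mentions JSON and CEF output for authentication log messages. The sketch below is an added example, not code from Radiator's LogFormat.pm or from either poster, and it is written in Python rather than Radiator's Perl. It shows the escaping a CEF or JSON formatter needs so that attacker-controlled fields such as the user name cannot forge extra fields or log lines. The function names, the event dictionary layout, the vendor/product strings and the mapping to the CEF keys suser, src, outcome and msg are all assumptions made for illustration.

```python
import json

def _cef_header(value):
    # CEF header fields: escape backslash first, then the '|' delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _cef_ext(value):
    # CEF extension values: escape backslash and '=', and encode line
    # breaks as the two characters \n so one event stays on one line.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")

def to_cef(event, vendor="ExampleVendor", product="ExampleRadius", version="1.0"):
    """Render a hypothetical auth event dict as a single CEF:0 line."""
    header = [vendor, product, version,
              event["event_id"], event["name"], event["severity"]]
    # Assumed mapping of event fields to standard CEF extension keys.
    ext = {
        "suser": event["user"],
        "src": event["nas_ip"],
        "outcome": event["result"],
        "msg": event["reason"],
    }
    head = "|".join(["CEF:0"] + [_cef_header(h) for h in header])
    tail = " ".join(f"{k}={_cef_ext(v)}" for k, v in ext.items())
    return f"{head}|{tail}"

def to_json(event):
    """Render the same event as one compact JSON line (json escapes \\n)."""
    return json.dumps(event, sort_keys=True, separators=(",", ":"))

# Constructed sample event: the user name carries a newline and a forged
# key=value pair, as a client could send in a User-Name attribute.
SAMPLE = {
    "event_id": "AUTH_REJECT",
    "name": "Access-Reject",
    "severity": 5,
    "user": "bob\nsuser=admin",
    "nas_ip": "192.0.2.10",
    "result": "failure",
    "reason": "Bad password | retry=3",
}

if __name__ == "__main__":
    print(to_cef(SAMPLE))
    print(to_json(SAMPLE))
```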
