On 1.7.2016 21.43, Hartmaier Alexander wrote:
> On 2016-06-29 13:32, Nadav Hod wrote:

Hello Alexander, hello Nadav,

>> 2.1) I haven't dealt with OCSP in the context of RadSec, but rather as a
>> scalable and faster alternative to CTL files in general when dealing with
>> any certificate. Many of our applications already support OCSP, and it would
>> be preferable to use OCSP with stapling than to perform the query from the
>> server each time a certificate needs to be validated.
>>
>> 2.2) EAP methods and LDAPS bindings.

Thanks for the input. I took a note about LDAPS too. Radiator uses Net::LDAP, which in turn uses IO::Socket::SSL, which can do OCSP. It might be that Net::LDAP requires updates to enable OCSP for LDAPS or LDAP with Start TLS. We'll need to take a better look at this.

> Async would fix all 'the radiator process is waiting for a DB query/LDAP
> search/... that is slow or unresponsive and doesn't handle any other
> requests for seconds' problem.
> It doesn't require complicated multi-threading but some event loop like
> POE/IO::Async/... (please not AnyEvent!).

We have done some work with EV but have not used it within Radiator. With Radiator there's the possibility of using SQL or LDAP libraries that support asynchronous operations, which is probably a better fit with Radiator.

Related to this, AuthBy RADIUS and its subclasses already support a new return code (ASYNC), which allows an AuthBy to tell Handler that there is an asynchronous call in progress. In the case of AuthBy RADIUS, when the reply is received, Handler can now move to the next AuthBy when there are multiple AuthBys. In other words, AuthBy RADIUS can work like the other AuthBys in a stack of AuthBys.

Previously there were two choices:

o the default, which is that AuthBy RADIUS returns IGNORE when it has proxied the request
o Synchronous flag which tells AuthBy RADIUS to wait for the reply before moving on.

Thanks for your input,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server anywhere.