29 Oct
2003
29 Oct
'03
10:45 a.m.
On (28.10.03 10:46), Jiri Kuthan wrote:
Unfortunately, there is now no standard for use of
RADIUS along
with SIP. SER users leveraging the combination of these two
technologies are left with implementation of expired internet
drafts. There are some chances that the IETF community revitalizes
the document.
Thus, I would appreciate hearing if any of the active RADIUS/SIP/SER
users have had any issues with the RADIUS authentication in SER,
which is based on draft-sterman-aaa-sip.
Jiri,
as i told you in person on the VON, the module is quite useable at the
moment (and in production here), with the following issues:
- the readiusclient library which the module is using does not support
vendor-specific attributes, therefore you have to redefine existing
attribute space rather than defining new ones (this is what the draft
does). A revamp of the module should probably switch to a different
backend library (maybe there's something in the freeradius package?)
- the module lacks failover to a secondary radius server. failover seems
quite straightforward to implement for authentication, which is my major
concern, so i'd appreciate seeing that in the module. (We didn't have
problems with that yet because of the stability of our radius server,
but the day will come for sure ;). It may be more difficult for
accounting, but i'm fine with SQL accounting at the moment.
- I'd love to see my radius-alias-patch in the upstream sources. That's
more of a personal request, because it would save me lot of
backporting when switching to a new release. I'd appreciate to hear if
someone considers that stuff useful or even dares to use it ;)
I'd volunteer to help on revitalizing the sterman draft. SIP/SER/RADIUS
might have become a much more widespread solution over the last few
months, so there may be more attention at this time.
cheers
axelm