[Serusers] RADIUS authentication: draft-sterman-aaa-sip

Alexander Mayrhofer axelm at nic.at
Wed Oct 29 09:45:00 CET 2003


On (28.10.03 10:46), Jiri Kuthan wrote:
> Unfortunately, there is now no standard for use of RADIUS along
> with SIP. SER users leveraging the combination of these two
> technologies are left with implementation of expired internet 
> drafts. There are some chances that the IETF community revitalizes 
> the document.
> 
> Thus, I would appreciate hearing if any of the active RADIUS/SIP/SER 
> users have had any issues with the RADIUS authentication in SER,
> which is based on draft-sterman-aaa-sip.

Jiri,

as i told you in person on the VON, the module is quite useable at the
moment (and in production here), with the following issues:

- the readiusclient library which the module is using does not support
  vendor-specific attributes, therefore you have to redefine existing
  attribute space rather than defining new ones (this is what the draft
  does). A revamp of the module should probably switch to a different
  backend library (maybe there's something in the freeradius package?)
- the module lacks failover to a secondary radius server. failover seems
  quite straightforward to implement for authentication, which is my major
  concern, so i'd appreciate seeing that in the module. (We didn't have
  problems with that yet because of the stability of our radius server,
  but the day will come for sure  ;). It may be more difficult for
  accounting, but i'm fine with SQL accounting at the moment.
- I'd love to see my radius-alias-patch in the upstream sources. That's
  more of a personal request, because it would save me lot of
  backporting when switching to a new release. I'd appreciate to hear if
  someone considers that stuff useful or even dares to use it ;)

I'd volunteer to help on revitalizing the sterman draft. SIP/SER/RADIUS
might have become a much more widespread solution over the last few
months, so there may be more attention at this time.

cheers

axelm




More information about the sr-users mailing list