Archive for August, 2006

There's talk of an 802.1x supplicant consortium

Friday, August 25th, 2006

The Enterprise Strategy Group recently came out with a white paper proposing an open supplicant initiative. This initiative would ideally have wide industry support from commercial organizations, and be based on an Open Source supplicant.

I think it's a great idea.

Cisco has their NAC solution, and Microsoft has NAP, both of which rely on endpoint software for network integrity. As single-vendor solutions are always a concern to some people, there is now a standards body called TNC that's doing something similar.

However, the TNC body doesn't currently have an open supplicant that everyone can use. This is where an open supplicant initiative comes in. The supplicant can implement TNC, and whatever else anyone needs, in an open and standards-based approach.

This is not to say anything bad about Cisco or Microsoft. Their solutions are very interesting and useful. But some people prefer a vendor-independent, and standards-based system to a single-vendor solution.

I think it's high time for an Open Source supplicant to have signficant commercial backing. I hope this effort takes off.

Apple has announced RADIUS in MAC OSX Leopard

Friday, August 18th, 2006

Apple has announced that they're including RADIUS in MAC OSX Leopard. The RADIUS server of choice is naturally FreeRADIUS.

I was given a preview of it at the recent Apple WWDC, and though I can't say much, I'm impressed. It's simple, clean, and solves the basic problems needed by many people who are deploying a RADIUS solution.

Not all of the servers configuration was exposed through the GUI, of course. Instead, the common use-cases were covered, while the potential still exists for creating more complex configurations by hand.

I know I'm excited to see the install base of FreeRADIUS double (or more). This means I'll probably have to include a chapter on Leopard in my book, which is a good thing.

How big is FreeRADIUS?

Sunday, August 6th, 2006

I can't tell for sure, but there are a lot of people using FreeRADIUS. The main FreeRADIUS page says it's in the “top 5″ servers, but that's really a guess based on the following information:

RADIUS Server Software

Maybe the main web page needs updating. I can't think of other RADIUS servers that have as big a market share as the four listed above. And many commercial RADIUS products not listed above use FreeRADIUS as the protocol engine for their product.

In terms of cusomer base, I know of at least 4 deployments with 2 to 8 million users. I know of hundreds of small sites (universities, etc) with tens of thousands of users. Most sites won't let their names be used publicly (for a number of reasons), but if you're planning on deploying FreeRADIUS, you're not alone.

So FreeRADIUS looks to have a significant portion of the RADIUS server market. Without doing more detailed analysis, the best guess is that somewhere between 10% and 50% of RADIUS server installations world-wide are for FreeRADIUS. And with 802.1x deployments becoming ubiquitous, there are likely many, many more people installing FreeRADIUS in home networks with less than 10 users.

That's not bad for a software product with no support staff, no development budget, and no marketing.

I was sure RADIUS was dying…

Friday, August 4th, 2006

5 years ago, I was sure RADIUS was dying. Since then, I've discovered why I was wrong.

Everyone wants RADIUS. You can go to Best Buy, and pick up a Linksys WRT54G for less than $100. You can run OpenWRT on it, which includes packages for FreeRADIUS!

That's cool.

You just can't kill a technology that is ubiquitous, and that everyone wants. Not that I want to do anything to RADIUS… I enjoy working in the space. But there have been many rumors over the past few years about the death of RADIUS.

Don't believe them.