In which we define RADIUS practices

Monday, December 17th, 2007

RFC 5080 has just been issued. It's been in progress for over three years now, so I'm personally very happy that it is finally done. As a co-author, it's nice to see it published. As someone who has been working with RADIUS for a long time, it's nice to be able to point to a document that clarifies problems or inconsistencies in previous RFCs.

This document describes common issues seen in Remote Authentication Dial In User Service (RADIUS) implementations and suggests some fixes. Where applicable, ambiguities and errors in previous RADIUS specifications are clarified.

Section 2.1.1 (no hyperlink available yet) documents the practice first implemented in FreeRADIUS: simplified handling of EAP sessions in RADIUS servers. To my knowledge, all RADIUS servers today follow the FreeRADIUS method of handling EAP sessions… even large commercial products.

So if a commercial vendor ever puts down FreeRADIUS, you can politely point out that their software is following our lead.