Conceptually, it is really quite straightforward: the Merit version of
RADIUS supports a "proxy" or "relay" feature whereby requests (may) flow
from one server to another server, if the first server determines that
the request is not resolvable by it _and_ can identify another server
which _can_ resolve the request. This does not mean, try it here and
if it fails, try it over there. But is more of a grand-central-station
or switching/routing idea.
The means by which requests are identified (and re-directed) is through
the use of "realms" attached to the user ID, as in jdoe@foo.bah.com, and
the foo.bah.com is the realm. We try to create realms which match some
authentication domain (where a RADIUS server runs) so that the user is
less confused (it resembles an email address, sort of). :-)
Regards,
web...
-- William Bulley, N8NXN Senior Systems Research Programmer Merit Network Inc. Domain: web@merit.edu 4251 Plymouth Road MaBell: (313) 764-9993 Ann Arbor, Michigan 48105-2785 Fax: (313) 747-3185