Re: (PM) Radius (fwd)

Karl Denninger (karl@Mcs.Net)
Thu, 6 Nov 1997 16:41:47 -0600

On Thu, Nov 06, 1997 at 02:20:13PM -0800, MegaZone wrote:
> Once upon a time Jacob Suter shaped the electrons to say...
> >But still, radius is supposed to be a security system right? The BBS
>
> Right - and not a resource allocation protocol.
>
> There is also a BIG difference between single point restriction and
> distributed restrictions.
>
> Several RADIUS servers claim to do it, there is *one* that I know of that
> really does it properly. I believe Cistron uses an SNMP backchannel to
> check and eliminate the race conditions inherent in RADIUS. Any system
> relying solely on RADIUS packets is fundamentally flawed.

SNMP doesn't do it either. The time required to do an SNMP lookup across a
universe of systems is not going to work. You're still counting on an
external piece of information to "point you at" the place to look.

There IS a way to get very, very close to 100% accurate on this without
needing to query back to the box for verification.

-- 
Karl Denninger (karl@MCS.Net)| MCSNet - Serving Chicagoland and Wisconsin
http://www.mcs.net/~karl     | T1's from $600 monthly to FULL DS-3 Service
			     | NEW! K56Flex modem support is now available
Voice: [+1 312 803-MCS1 x219]| 56kbps DIGITAL ISDN DOV on analog lines!
Fax:   [+1 312 803-4929]     | 2 FULL DS-3 Internet links; 400Mbps B/W Internal
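
One race of the kind the thread refers to, as an added illustration that is not from any poster here or from any RADIUS server's code: a limiter that counts sessions only from accounting packets accepts two logins that arrive before the first Accounting-Start, while holding a slot from Access-Accept onward closes that window. The class names, event format and 30-second hold are assumptions, and this is not the method Karl alludes to, which the message does not describe.

```python
# Constructed model of a simultaneous-use check; class names, the event
# format and the 30 s hold are assumptions, not any RADIUS server's code.
class AccountingOnlyLimiter:
    """Counts a user's sessions only from Accounting-Start/Stop packets."""
    def __init__(self, limit=1):
        self.limit = limit
        self.active = {}                      # user -> set of session ids

    def access_request(self, user, now):
        return len(self.active.get(user, ())) < self.limit

    def accounting(self, user, session_id, status):
        sessions = self.active.setdefault(user, set())
        if status == "Start":
            sessions.add(session_id)
        else:                                 # "Stop"
            sessions.discard(session_id)

class ReservingLimiter(AccountingOnlyLimiter):
    """Also holds a slot from Access-Accept until Accounting-Start arrives."""
    def __init__(self, limit=1, hold_seconds=30):
        super().__init__(limit)
        self.hold_seconds = hold_seconds
        self.pending = {}                     # user -> reservation expiry times

    def access_request(self, user, now):
        live = [t for t in self.pending.get(user, []) if t > now]
        ok = len(self.active.get(user, ())) + len(live) < self.limit
        self.pending[user] = live + [now + self.hold_seconds] if ok else live
        return ok

    def accounting(self, user, session_id, status):
        if status == "Start" and self.pending.get(user):
            self.pending[user].pop(0)         # reservation becomes a session
        super().accounting(user, session_id, status)

def replay(limiter, events):
    """Feed (time, kind, user, session_id) events; return accepted session ids."""
    accepted = []
    for now, kind, user, sid in sorted(events):
        if kind == "auth":
            if limiter.access_request(user, now):
                accepted.append(sid)
        elif sid in accepted:                 # a rejected login sends no accounting
            limiter.accounting(user, sid, kind)
    return accepted

# Constructed timeline: two NASes authenticate jsmith before either Start arrives.
EVENTS = [(0.0, "auth", "jsmith", "nas1-01"), (0.2, "auth", "jsmith", "nas2-01"),
          (1.5, "Start", "jsmith", "nas1-01"), (1.7, "Start", "jsmith", "nas2-01"),
          (5.0, "auth", "jsmith", "nas3-01")]
```

The reservation only covers the gap between Access-Accept and Accounting-Start; a lost Accounting-Stop still leaves a stale session in either model.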