[kea-dev] Initial feedback on the new Radius integration
Francis Dupont
fdupont at isc.org
Wed May 23 07:52:09 UTC 2018
Baptiste Jonglez writes:
> As you probably know, I have been developing Radius integration in Kea for
> a non-profit ISP / community network I am a member of. Here is the
> work-in-progress code: https://code.ffdn.org/zorun/kea
>
> I saw that there is a new Radius feature in Kea 1.4 (unfortunately not
> publicly available). Based on its documentation [1], I have a couple of
> questions:
>
> - do you support the Framed-IP-Netmask radius attribute? Our use-case
> involves giving /32 IP addresses to clients, regardless of the actual
> prefix length in Kea's configuration. So we basically use
> Framed-IP-Netmask = 255.255.255.255, would it be interpreted by Kea?
=> it is not supported by Kea itself: it unconditionally puts a
netmask option based on the subnet prefix. This means that with
RADIUS or not you have to patch it before answers are sent...
> - is there a reason for using the original freeradius client library
> (which is unmaintained to the point that you had to patch it locally),
> while radcli [2] is actively maintained and has the same API? We tried
> to discuss this some time ago [3].
=> freeradius client library is maintained (I found a bug in it, sent
a PR with the fix which was merged in hous). The local patch is about
a noy yet integrated PR to add asynchronous communication.
> - your radius implementation is advertised as a hook, but I see that a
> full rebuild of Kea is needed. It seems that part of the implementation
> is built into Kea? We initially tried to implement radius support as a
> hook, but it was really awkward, so we implemented it within Kea.
=> The core Kea was modified to help support but the RADIUSD code
itself it fully in the hook.
> - the host reservation cache looks very nice! This is something we really
> wanted to implement but it looked quite complex to do.
=> it was not so easy to write... Note it made far more changes in
the core Kea than RADIUS.
Thanks
Francis Dupont <fdupont at isc.org>
More information about the kea-dev
mailing list