On Fri, May 31, 2024 at 12:58 PM Bruce Ferrell <bferr...@baywinds.org>
wrote:

> Do I personally use it?  No.
>
> What I do know for a fact is that there ARE Fortune 500 organizations that
> DO use it in the damnedest ways because it's not just authentication.
> It's the original AAA:
> Authentication, Authorization and Accounting.
>
> We tend not to hear from them because it just works... Every time.
>
> If it ain't broke, don't "fix" it.
> Same for TACACS+
>
>
>
> On 5/29/24 5:10 PM, Jon Gerdes wrote:
> > Dear all
> >
> > Within a recent thread hereabouts: "RADIUS and LDAP", Nick C explained to me that RADIUS support is likely to die out
> > gradually within Guacamole because the library in use - jradius - is seemingly frozen in time.  A quick poke
> > around: https://github.com/coova/jradius/ shows it is seemingly unloved.
> >
> > I'm possibly inclined to move away from RADIUS but it is still nearly "everywhere" and it is properly "time served".  It
> > is also a bit weird and quite complicated.  However you can do all sorts of funky things with RADIUS - FreeRADIUS has
> > unlang ...
> >
> > FreeRADIUS: https://networkradius.com/doc/current/index.html is very well documented too.
> >
> > What do you think?  Is RADIUS something you use?
> >
> > Cheers
> > Jon
> >
>

I feel like I should also clarify that I'm not advocating for it to go away
- I actually think RADIUS is quite a good protocol. As Bruce mentioned,
it's the original AAA - it's also quite simple and easy to understand and
implement.

That said, I feel like most AAA activities are headed in the direction of
SAML and OAuth these days, in particular where your identity provider is
distinct from your service providers, in many cases to the point where one
third party company (Microsoft, Google, Amazon, etc.) actually owns and runs
your Identity Provider "as a service," and many of the applications
(Office365, GSuite, SalesForce, Service Now, etc.) are run by completely
separate 3rd party companies. And all of the information exchange about
identity (AAA) is expected to happen over HTTPS channels. While RADIUS is a
wonderful and robust protocol, it wasn't built for that environment, and I
suspect that most of the lack of interest in it these days has to do with
that.

Or I could be quite wrong about that - just my opinion/observations.

-Nick
