On 5/31/24 11:08 AM, Nick Couchman wrote:
On Fri, May 31, 2024 at 12:58 PM Bruce Ferrell <bferr...@baywinds.org> wrote:
Do I personally use it? No.
What I do know for a fact is that there ARE Fortune 500 organizations that DO
use it in the damnedest ways because it's not just authentication. It's the
original AAA: Authentication, Authorization and Accounting.
We tend not to hear from them because it just works... Every time.
If it ain't broke, don't "fix" it.
Same for TACACS+
On 5/29/24 5:10 PM, Jon Gerdes wrote:
> Dear all
>
> Within a recent thread hereabouts: "RADIUS and LDAP", Nick C explained to me that RADIUS support is likely to die out
> gradually within Guacamole because the library in use - jradius - is seemingly frozen in time. A quick poke
> around: https://github.com/coova/jradius/ shows it is seemingly unloved.
>
> I'm possibly inclined to move away from RADIUS but it is still nearly "everywhere" and it is properly "time served". It
> is also a bit weird and quite complicated. However you can do all sorts of funky things with RADIUS - FreeRADIUS has
> unlang ...
>
> FreeRADIUS: https://networkradius.com/doc/current/index.html is very well documented too.
>
> What do you think? Is RADIUS something you use?
>
> Cheers
> Jon
>
I feel like I should also clarify that I'm not advocating for it to go away - I actually think RADIUS is quite a good protocol. As Bruce mentioned, it's the original AAA - it's also quite simple and easy to understand and implement.
That said, I feel like most AAA activities are headed in the direction of SAML and OAuth these days, in particular where your identity provider is distinct from your service providers, in many cases to the point where one third-party company (Microsoft, Google, Amazon, etc.) actually owns and runs your Identity Provider "as a service," and many of the applications (Office365, GSuite, SalesForce, Service Now, etc.) are run by completely separate third-party companies. And all of the information exchange about identity (AAA) is expected to happen over HTTPS channels. While RADIUS is a wonderful and robust protocol, it wasn't built for that environment, and I suspect that most of the lack of interest in it these days has to do with that.
Or I could be quite wrong about that - just my opinion/observations.
-Nick
:)
You forgot about Okta... We know what happened there; not to mention the gaping
holes that various MS foul-ups allowed in O365/Exchange