Preliminary roadmap
Milestone 1: rewrite (radsecproxy 1.8, June 2019) TESTING
- rewrite supplement attribute
- rewrite modify vendor attribute
- rewrite whitelist
- autodetect status-server capability
Milestone 2: DNS (radsecprox 1.9, End 2019)
- internal dns resolver for dynamic discovery
- delayed dns resolving
- dns updates after startup
- specify source address/port per server
Milestone 3: load-balancing and pooling (radsecproxy 2.0, Mid 2020)
- server load-balancing
- radius id exhaustion
- server pooling for dynamic discovery
- reverify active connections after crl reload if cert has been revoked
Milestone 4: systemd integration: (radsecproxy 2.1, End 2020)
- config reload
- systemd watchdog
- systemd ready
Misc stuff :
To be implemented whenever required prerequisites are available or specific use-cases apply
- handle multiple client/server certificates, dynamic certificate assignment (subject to openssl support, we might also consider other ssl libraries such as wolfSSL)
- log contents of attributes
- granular logging config
- use tcp/tls connections bidirectionally (send requests in both directions)
RFC 6929: Remote Authentication Dial-In User Service (RADIUS) Protocol Extensions
RFC 7930: Larger Packets for RADIUS over TCP