Preliminary roadmap
Milestone 1: rewrite (radsecproxy 1.8, June 2019)
| Status | |
|---|---|
|
...
|
...
|
- rewrite supplement attribute
- rewrite modify vendor attribute
- rewrite whitelist
- autodetect status-server capability
Milestone
...
2:
...
community requested features (
...
radsecproxy 1.9,
...
05.2021)
...
| Status | ||||
|---|---|---|---|---|
|
- internal dns resolver for dynamic discovery
- delayed dns resolving
- dns updates after startup
- specify source address/port per server
- Specify OpenSSL options (Ciphers, Protocol-Version) in tls config
- blocking startup for dynamic discovery
Milestone
...
3: dynamic discovery (radsecproxy
...
1.
...
10,
...
Q4 2021)
- internal dns resolver for dynamic discovery
Status colour Blue title testing - server load-balancing
- radius id exhaustion
- server pooling for dynamic discoverySNI support
Milestone 4: DNS (radsecprox 2.0, Q4 2021)
- delayed dns resolving
- dns updates after startup
- reverify active connections after crl reload if cert has been revoked
- server pooling for dynamic discovery
Milestone
...
5: systemd integration: (radsecproxy 2.1,
...
2022)
- config reload
- systemd watchdog
- systemd ready
...
To be implemented whenever required prerequisites are available or specific use-cases apply)
- handle multiple client/server certificates, dynamic certificate assignment (subject to openssl support, we might also consider other ssl libraries such as wolfSSL)
- log contents of attributes
- granular logging config
- use tcp/tls connections bidirectionally (send requests in both directions)
RFC 6929: Remote Authentication Dial-In User Service (RADIUS) Protocol Extensions
RFC 7930: Larger Packets for RADIUS over TCP