[nycbug-talk] RADIUS experiences
Bjorn Nelson
o_sleep at belovedarctos.com
Tue May 23 20:22:38 EDT 2006
Ike,
On May 23, 2006, at 2:49 PM, Isaac Levy wrote:
> 1) For a network of 300-5000 users, do the standard unix /etc/
> password files scale sanely? I mean, the docs have this as the
> default config for user db, which is a type of data backend I'd
> usually have in some other kind of DB. It just seems like a recipe
> for poor scalability.
But FreeBSD uses Berkeley DB for its password database already.
That's what /etc/pwd.db is for :)
> 2) LDAP backends? Is this common practice? (I'm concerned about over-
> complexity)
LDAP is cool because it's pretty easy to hook up other apps to it.
> 3) SQL backends? Is this common practice? (Again, concerned about
> over-complexity)
Over-complexity and an extra dependency. Might be worth it if you
want to do clustering.
> 4) Custom RADIUS implementations- RADIUS is more or less just a
> protocol, with defined parameters for how it manages the big AAA.
> Since it's the data backend I'm concerned about, (and know a lot
> about how to deal with), I'm thinking of just implementing a simple
> RADIUS server on top of databases I know and love? I've found a good-
> looking RADIUS library in Python, my favorite language, and I was
> thinking of rolling my own server with a tiny, easily replicatable,
> Python embedded DB. It seems the simplest route to me, but I'm
> hesitant because I feel there may be best practices for heavy
> RADIUS users? (ISPs, Telcos, anyone managing remote AAA)
You might want to give SQLite a whack, it's really lightweight but
still supports most of SQL.
-Bjorn
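
Added example, not part of the original message and not taken from any RADIUS library mentioned in the thread: a sketch of the credential check a home-grown RADIUS server on SQLite would need, recovering the PAP User-Password (RFC 2865 section 5.2) and comparing it against a salted hash rather than a stored cleartext password. The table layout, function names and PBKDF2 iteration count are assumptions; this only works for PAP, because CHAP requires the server to hold the cleartext password.

```python
import hashlib, hmac, os, sqlite3

def pap_hide(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding per RFC 2865 section 5.2 (the NAS side)."""
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def pap_recover(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the shared secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        mask = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], mask))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def _kdf(password: bytes, salt: bytes) -> bytes:
    # Iteration count is an assumption; tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", password, salt, 600_000)

def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS users ("
               "name TEXT PRIMARY KEY, salt BLOB NOT NULL, pwhash BLOB NOT NULL)")
    return db

def add_user(db, name: str, password: bytes) -> None:
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (name, salt, _kdf(password, salt)))
    db.commit()

def check_access_request(db, name, hidden, secret, authenticator) -> bool:
    row = db.execute("SELECT salt, pwhash FROM users WHERE name = ?",
                     (name,)).fetchone()
    # Unknown users still cost one KDF run, so timing does not reveal them.
    salt, stored = row if row else (b"\x00" * 16, b"\x00" * 32)
    candidate = _kdf(pap_recover(hidden, secret, authenticator), salt)
    return hmac.compare_digest(candidate, stored) and row is not None
```
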