Login | Register

About

About -> News -> New AAA and RADIUS support


AAA API and RADIUS enhancements

Generic AAA API

The AAA API represents a set of generic callbacks and structures needed for AAA operations.

The purpose of the API is to move all the AAA specific (Radius) implementations in a single module. The AAA API will hide the implementations details from the modules that want to use AAA support, making it easier to use.

Currently, only one module implements the AAA API - aaa_radius, offering Radius support.

Because both standardized AAA protocols, Radius and Diameter, use lists of attribute-value pairs, the API is designed based on attribute-value pairs, as well.

One of the advantages of using the API is that any module that wishes to do AAA operations does not depend on a certain protocol implementation, therefore it is not linked with a certain AAA library.

Hence, any module that was previously using Radius, for example, is not linked with the radiusclient library any more, which is obviously an advantage, especially when the module uses more than one API (DB, AAA, etc).

The AAA protocol to be used by a module is specified from the script using a so called "aaa_url" that encodes the protocol used and other useful information depending on the protocol.

The way the generic AAA API is used makes it very similar to the generic database API.


The ability to make custom Radius requests directly from the script

This feature is very useful because of its flexibility. Basically, any type of Radius queries can be yielded directly from the script, and also, Radius replies can be inspected for certain attributes.


Radius implementation for the generic AAA API

The handling of Radius AVP "SIP-AVP" (used for fetching variables from the Radius server) was integrated in this module. All SIP-AVPs are automatically and transparently handled by the module, so that this functionality is by default available for all the modules that use Radius.


Module changes

Due to the fact that the modules that were previously using Radius were ported to the generic AAA API, the following changes have been made:

  • auth_radius modules became auth_aaa module
  • group_radius module was merged with group module
  • uri_radius and uri_db were merged with uri module

Page last modified on August 19, 2009, at 11:27 AM