Mail[1] to the radsecproxy mailing list Wed, 14 Apr 2010 from Stefan
Winter explaining the radsec-dynsrv.sh and naptr-eduroam.sh scripts.

------------------------------------------------------------
Hi,

the radsec-dynsrv.sh script right now looks up _radsec._tcp.$REALM. For
eduroam, the production discovery will rely on S-NAPTRs of "s" type and
subsequent SRVs.

I have attached a preliminary version of the discovery script which
takes this logic into account. It could use some public scrutiny (where
"public" might very well evaluate to Kolbjørn Barmen, who wrote the SRV
script and knows much more about bash scripting than I do *cough cough*).

As with the other script, you call

naptr-eduroam.sh <realm>

If you need a test case, the DNS domain restena.lu has the NAPTR and the
SRV record live in place. On my system, you get:

> ./naptr-eduroam.sh restena.lu
server dynamic_radsec.restena.lu {
host radius-1.restena.lu:2083
type TLS
}

with our live DNS data (radius-1.restena.lu isn't really
production-ready yet though).

If you're curious, the S-NAPTR for eduroam right now is

x-eduroam:radius.tls

with a possibility of a later IETF allocation of either

aaa:radius.tls (probable)
eduroam:radius.tls (wishful thinking)

, in which case changing the script to use the new ones is trivial.

Greetings,

Stefan Winter
------------------------------------------------------------

[1] https://postlister.uninett.no/sympa/arc/radsecproxy/2010-04/msg00011.html