RADIUS: Distributed Authentication for MichNet

John Vollbrecht

This page is not yet complete

Stan Barber's Notes

There are 46 hunt groups, 100 Realms, 51 remote authorization servers, 500,000+ Authentications in August 1995. See http://home.merit.edu/webstuff/harris/harris.html for all the details.

Another 100 realms and another 10 hunt groups are expected in the next year.

Merit has provided dial access for 15 years and provides IP access to 200 institutions in Michigan.

A transition is under way from dial-to-system to dial-to-net: moving from Merit-developed code on a PDP-11 to a commercial off-the-shelf system, and from limited authorization to distributed authorization.

Merit is using Livingston Portmasters and RADIUS authentication.

Each institution runs its own authentication server. During authentication, the user enters userid@realm, and the realm selects the correct authentication server. A helper server gets RADIUS to talk to the right authentication server.
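How a helper can route on the realm, as an added Python example (not Merit's or Livingston's code): it parses the RADIUS Access-Request header and attribute list, takes the realm after the '@' in User-Name, and looks it up in a realm table. The realm table, server names and sample packet are constructed assumptions; an unknown or missing realm is not routed.

```python
import struct

# Constructed realm table (assumption: not Merit's actual configuration).
REALM_SERVERS = {
    "umich.edu": ("auth.umich.example", 1812),
    "msu.edu": ("auth.msu.example", 1812),
}

ACCESS_REQUEST = 1   # RADIUS packet code for Access-Request
USER_NAME = 1        # RADIUS attribute type for User-Name

def parse_attributes(payload):
    """Walk the attribute TLVs (type, length, value) that follow the 20-byte header."""
    attrs = {}
    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise ValueError("truncated attribute header")
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > len(payload):
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(payload[pos + 2:pos + alen])
        pos += alen
    return attrs

def route_request(packet):
    """Return (realm, server) for an Access-Request, or None if it cannot be routed."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or length != len(packet):
        return None                      # not an Access-Request, or length field lies
    attrs = parse_attributes(packet[20:length])
    names = attrs.get(USER_NAME, [])
    if len(names) != 1:
        return None                      # exactly one User-Name expected
    user = names[0].decode("utf-8", "replace")
    if "@" not in user:
        return None                      # no realm: the helper cannot pick a server
    realm = user.rsplit("@", 1)[1].lower()
    server = REALM_SERVERS.get(realm)
    return (realm, server) if server else None

def build_access_request(username, ident=7):
    """Constructed sample packet: header + User-Name attribute, zeroed authenticator."""
    attr = bytes([USER_NAME, 2 + len(username)]) + username.encode()
    length = 20 + len(attr)
    return struct.pack("!BBH", ACCESS_REQUEST, ident, length) + bytes(16) + attr
```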

There are some Merit-specific extensions that can be obtained directly from Merit. The rest is supposed to be obtained from Livingston.

Folks running the authorization server can use a wide variety of different systems (including Kerberos, TACACS, etc.).

RADIUS provides for encryption, and since each site runs its own authentication server, the site is solely responsible for its own authentication.

Right now a helper is used, but eventually, Merit hopes to eliminate the helper.

Merit is working on a shared dial policy to permit folks to share hunt groups. This is not yet implemented.

Some Open Issues

Handling multipass authentication protocols -- We would like to have just one authentication protocol of some kind (EAP).

How to set rates?

Error recovery is an issue.

How to get status information.

Sources can be found at ftp://ftp.merit.edu/radius/releases and ftp://ftp.livingston.com/pub/radius

What about server mirroring? Not happening yet.

How do folks get notified when they have to be knocked off?

Using a fixed session length seems to be a good interim solution.


Copyright © 1995 Stan Barber. Reproduction with attribution granted.
Academ Consulting Services
P.O. Box 300481
Houston, Texas 77230-0481
Comments via email to www@academ.com