Pathfinder and FreeRADIUS

What is it?

Our open-source Pathfinder library allows applications to easily perform RFC5280-compliant path validation of X.509 certificates.

We've created a patch for the FreeRADIUS 2.0.1 server that allows it to use Pathfinder to validate client certificates for authentication requests. Policy mapping, policy constraints, and more, are all handled transparently.

Current Status:

Pathfinder and this patch for FreeRADIUS are presently under active development.




  • Make sure you have the WvStreams 4.5 library installed.
  • Make sure you have Pathfinder 1.0.0 and libpathfinder-openssl installed and appropriately configured.
  • Make sure you have pkg-config installed, and that it knows about libpathfinder.
  • Apply the patch to a clean freeradius-server-2.0.1 build tree.
  • Run "autoconf" and "autoheader".
  • When running "./configure", specify "--with-pathfinder".
  • Compile and install the freeradius server.
  • At present, pathfinder is always enabled when it is compiled in. No changes to the freeradius configuration are necessary to enable Pathfinder.

Need Help?

Let us know!