Why doesn't := "Always match?"

Phil Mayers p.mayers at imperial.ac.uk
Mon Jul 24 12:19:45 CEST 2006


Paul Long wrote:
>>
>> Basically, := is a "force set" operator. In a "check" item, it sets a 
>> check/config pair.

> So "Always matches a check item" just means that a check will be 
> performed and says nothing about the outcome of that check?

check items == config items. config items == attribute/value pairs that 
did not come in the request, are not going in the reply, but are 
attached to the request/reply and represent "configuration" for that 
request. For example, if you have a database with username/password in 
it, you might extract the password from the database into a config item 
"User-Password". This is totally *different* than e.g. a User-Password 
that might be in a PAP request.

So, := means "set this attribute to this value in the config items, 
replacing any others of this name"

The config items are then processed variously against the request items 
to validate or reject the request. Hence "check items" being another 
name - they're used to "check" the request.


>> In a reply item, it sets/forces a reply pair.
>>
>> See doc/aaa.txt
>> - List info/subscribe/unsubscribe? See 
>> http://www.freeradius.org/list/users.html
>>
>>
> 
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list