doc/rlm_sql is wrong?

Phil Mayers p.mayers at imperial.ac.uk
Mon Jan 8 20:38:08 CET 2007


I've been looking at using rlm_sql to replace a fairly complex set of 
Autz-Type and rlm_passwd maps. Primarily this is to speed up updates 
when e.g. blocking systems and not have to HUP the server.

The doc/rlm_sql file states that processing is done with pairs of 
check/reply items at a time - that is, first the user check items are 
compared and, if they match, the reply items are added; then for each group 
(in order of priority) the group check items are compared and, if they 
match, the reply items are added.

The code in rlm_sql.c definitely does not do that, at least in 1.1.3 as 
far as I can understand the code? Instead it appears to smoosh the user 
and all the group check items together, compare them, and if they *all* 
match add *all* the reply items.

This seems to make groups pretty useless except for using the SQL-Group 
construct in the users file.

Comments?
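
The two evaluation orders contrasted in the message above, as an added Python model that is not part of the original post and is not FreeRADIUS code. Assumptions: check items match on equality only, and the function names, data layout, group names and attribute values are constructed for illustration.

```python
# Simplified model: a check item is (attribute, required value) and matches on
# equality only; real check items also carry operators, which are ignored here.

def matches(check_items, request):
    """True when every check item equals the request's value (empty list matches)."""
    return all(request.get(attr) == value for attr, value in check_items)

def paired(user, groups, request):
    """Order described in doc/rlm_sql: each check/reply pair is evaluated alone."""
    reply = []
    if matches(user["check"], request):
        reply += user["reply"]
    for group in sorted(groups, key=lambda g: g["priority"]):
        if matches(group["check"], request):
            reply += group["reply"]
    return reply

def merged(user, groups, request):
    """Order the post reads from rlm_sql.c: one combined check list, all or nothing."""
    ordered = sorted(groups, key=lambda g: g["priority"])
    checks = user["check"] + [c for g in ordered for c in g["check"]]
    replies = user["reply"] + [r for g in ordered for r in g["reply"]]
    return replies if matches(checks, request) else []

# Constructed sample data: one user in two groups with mutually exclusive checks.
USER = {"check": [], "reply": [("Session-Timeout", "3600")]}
GROUPS = [
    {"name": "wired", "priority": 1,
     "check": [("NAS-Port-Type", "Ethernet")],
     "reply": [("Tunnel-Private-Group-Id", "10")]},
    {"name": "wireless", "priority": 2,
     "check": [("NAS-Port-Type", "Wireless-802.11")],
     "reply": [("Tunnel-Private-Group-Id", "20")]},
]
REQUEST = {"User-Name": "alice", "NAS-Port-Type": "Wireless-802.11"}

if __name__ == "__main__":
    print("paired:", paired(USER, GROUPS, REQUEST))
    print("merged:", merged(USER, GROUPS, REQUEST))
```

In this model the merged order returns no reply items for any request, because the two groups' check items can never both match; that is the effect the message describes as making groups useless.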


