question about session resumption and reply attributes

Arran Cudbard-Bell a.cudbard-bell at sussex.ac.uk
Thu May 21 11:35:16 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Arran Cudbard-Bell wrote:
> Hi,
>>> No. You should be running through your authorisation policies
>>> on session resumption. All policies should be moved to the
>>> post-auth section of the outer server.
>>>
>> but only the inner server knows the real id etc ?
>>
> Yes, so have it tell the outer server... Insert the (attached)
> snippet into the authorize section of the inner server.
* at the bottom of the authorize section of the inner server.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkoVIFQACgkQcaklux5oVKK33wCfdq4CkOvX7PAGwhL56KSLcyTk
3qoAn2HcsVUpaFZpQJmhd4VB28eCdyRi
=utZd
-----END PGP SIGNATURE-----




More information about the Freeradius-Users mailing list