question about session resumption and reply attributes

Alan DeKok aland at
Thu May 21 16:05:39 CEST 2009

Arran Cudbard-Bell wrote:
> Yes, so have it tell the outer server... Insert the (attached) snippet
> into the authorize section of the inner server.

$ git format-patch


> I believe the User-Name attribute in outer.reply is cached, and
> available for use on session resumption. 


> Once you've got the policies moved to post-auth, then any scripts or
> lookups used for authorisation will only be run once, so far greater
> efficiency with complex policies. Rejects are still handled properly
> even within the Post-Auth section (jumps to Post-Auth-Type reject).

  Documentation suggestions are always welcome.

  Alan DeKok.

More information about the Freeradius-Users mailing list