question about session resumption and reply attributes
aland at deployingradius.com
Thu May 21 16:05:39 CEST 2009
Arran Cudbard-Bell wrote:
> Yes, so have it tell the outer server... Insert the (attached) snippet
> into the authorize section of the inner server.
$ git format-patch
> I believe the User-Name attribute in outer.reply is cached, and
> available for use on session resumption.
> Once you've got the policies moved to post-auth, then any scripts or
> lookups used for authorisation will only be run once, so far greater
> efficiency with complex policies. Rejects are still handled properly
> even within the Post-Auth section (jumps to Post-Auth-Type reject).
Documentation suggestions are always welcome.
More information about the Freeradius-Users