question about session resumption and reply attributes

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu May 28 18:38:13 CEST 2009


On 21/5/09 15:05, Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> Yes, so have it tell the outer server... Insert the (attached) snippet
>> into the authorize section of the inner server.
>
> $ git format-patch
>
>    ?
>

It's on my to do list. You may find things getting jiggled around to a 
more sane naming scheme though. :)

>> I believe the User-Name attribute in outer.reply is cached, and
>> available for use on session resumption.
>
>    Yes.
>
>
>> Once you've got the policies moved to post-auth, then any scripts or
>> lookups used for authorisation will only be run once, so far greater
>> efficiency with complex policies. Rejects are still handled properly
>> even within the Post-Auth section (jumps to Post-Auth-Type reject).
>
>    Documentation suggestions are always welcome.

That too. I think leading by example is a better option though.

Arran


-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2



More information about the Freeradius-Users mailing list