cleaning house on radius server?

[Josip Rodin]

On Mon, Jan 17, 2011 at 12:36:54PM -0800, Christ Schlacta wrote:
> I've got a radius server up and running, and I want to clean up my  
> configuration as much as possible.  is it a safe assumption that if I  
> remove a file (actually move it out of the way) and attempt to  
> authenticate a client that if the client can successfully authenticate  
> that everything is working?  is it also safe to assume that any file  
> with no uncommented lines is also safe to remove?  I'm most interrested  
> in removing the SQL directories and all the unused modules in the  
> modules directory.

It is perfectly possible to weed out everything that is not needed - but to
determine what is not needed simply by ad hoc testing wouldn't necessarily
be possible, because there's always the possiblity that you wouldn't be
testing some missing parts of the configuration that are tested by some
other process.

People seem to have thrown around a fair bit of FUD in this thread, but
that's probably because your proposed method seems so shaky.

An example for the "removal" of SQL directories is in the Debian FR packages
where the SQL bits are split out in several separate packages. So e.g.
people who don't install freeradius-mysql also don't get the module's .so
files or configuration fragments, at all.

Yet, we never weeded out other modules and settings because the overhead
seemed negligible - the amount of extra libraries or instantiation work for
most modules is not considerable.

So if you really need to fit FR e.g. into an embedded environment, and you
have your use cases very well defined, it might make sense to bother.
Otherwise, there are probably more worthwhile things to do :)

-- 
     2. That which causes joy or happiness.