racct and radpostauth

Alan DeKok aland at deployingradius.com
Fri Sep 9 16:57:51 CEST 2011


Bjørn Mork wrote:
> No, of course not.  But it may be useful in some settings.

  That's why FR is configurable.  People do all kinds of crazy things
with it.  But those things don't make it into the default config.

> And I really cannot see anything in the above RFC quote which forbids
> sending radius accounting packets without providing a service.  It just
> states when packets should be sent, and says nothing about when the
> shouldn't be sent.

  The RFCs are silent on a *lot* of issues.  A narrow interpretation of
the RFCs would mean that nothing was permitted.  A wide interpretation
would mean that nearly everything is permitted.

  A sane approach is to take the middle road.  In this case, what 99.9%
of deployments have been doing for 15 years: Rejects don't generate
accounting sessions.

> Of course, you may choose to read RFC 2866 as "anything not explicitly
> allowed, is forbidden", but I don't think you'll ever make a vendor read
> the RFCs like that..

  Vendors don't read the RFCs.  Really.

  Alan DeKok.



More information about the Freeradius-Users mailing list