On 10/11/11 16:23, Arran Cudbard-Bell wrote:
On 10 Nov 2011, at 16:48, Phil Mayers wrote:
On 10/11/11 14:54, Arran Cudbard-Bell wrote:
If users want to admins want to expose more than the request list they can copy the values across...
Ugh. So rlm_sql all over again... please no!
*if admins want to
So you want to do what? Include the entire control list with the password hashes?
A common use case for similar modules is to EXTRACT the password hash from some database, and give it to FreeRADIUS. So there's a good chance a lot of password hashes will be flying around in the returned JSON. If they're doing PAP, the User-Password field will be in the JSON. And so on. So unless you're going to provide an attribute filtering mechanism (good luck supporting that on the mailing list!) you're going to have to face attribute privacy issues anyway. Does rlm_rest support HTTPS? Anyway, no - that's not what I want. What I *don't* want is to have to do this: update request { Var = "%{reply:Var}" Var2 = "%{control:Var2}" } How about a module config item: modules { rest myserver { # which attributes do we send to the server request_pairs = yes control_pairs = no reply_pairs = no } } However: I'm bikeshedding. There's precisely zero chance I'd use this module, so feel free to ignore me. Cheers, Phil