Nicolas Baradakis <nbk@sitadelle.com> wrote:
Until now it's the only method to get reply items from a SQL database: you have to use the "authorize_reply_query" directive. I'm not using LDAP, but I think this module adds VP to the reply packet during authorize, too.
Yes.
Is it reasonable to modify the SQL queries in version 2.0? We could get only the check items in authorize, and the reply items will be pulled later in post-auth. (only if login is successful)
Yes.
As the failed login attempts represent a significant part of the total RADIUS traffic, this should notably reduce the load of the backend database. (we don't query reply items if not needed)
Yes. We'll just have to document it. I'll start a page on migration from 1.x to 2.x, and document some of the changes I've made. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog