Hi, On Thu, Jul 28, 2005 at 11:53:56AM +0200, Nicolas Baradakis wrote:
Alan DeKok wrote:
I agree with the last bit.
As for what I'm trying to do, I'm not exactly sure. Maybe in "post-auth", we need to have sub-sections, to make it clear what's run, and where:
post-auth { Access-Accept { ... } Access-Challenge { ... } Access-Reject { ... } }
That would be obvious, at least.
But what should we do when the administrator wants different Post-Auth-Type stanzas for each realm on a multi-realm server?
I'm not sure about about it either. Perhaps this approach could be possible: if a check item 'Post-Auth-Type' already exists, we can look for a stanza named %{check:Post-Auth-Type}.%{reply:Packet-Type}. If we found such a stanza, we run the modules we found inside. Otherwise we run the modules in the stanza named %{check:Post-Auth-Type}. (fallback to the current behaviour)
<tongue loosely in cheeck> I see I definitely did choose the right approach in OpenRADIUS to leave that sort of decision wholly to the administrator, and to put that sort of logic on a layer well above the server code. Cheers, Emile -- E-Advies - Emile van Bergen emile@e-advies.nl tel. +31 (0)70 3906153 http://www.e-advies.nl