Alan DeKok wrote:
I agree with the last bit.
As for what I'm trying to do, I'm not exactly sure. Maybe in "post-auth", we need to have sub-sections, to make it clear what's run, and where:
post-auth { Access-Accept { ... } Access-Challenge { ... } Access-Reject { ... } }
That would be obvious, at least.
But what should we do when the administrator wants different Post-Auth-Type stanzas for each realm on a multi-realm server? I'm not sure about about it either. Perhaps this approach could be possible: if a check item 'Post-Auth-Type' already exists, we can look for a stanza named %{check:Post-Auth-Type}.%{reply:Packet-Type}. If we found such a stanza, we run the modules we found inside. Otherwise we run the modules in the stanza named %{check:Post-Auth-Type}. (fallback to the current behaviour) -- Nicolas Baradakis