Stefan has just noticed that the trustrouter code fails kind of spectacularly if you don't have a trustrouter configured. My recommendation is that if trustrouter is null/empty string/the string "none" (set in rlm_realm.c as the default) that tr_query_realm should return NULL. Here's a patch I've confirmed compiles but have not tested. I'm unfortunately in the middle of something else and it'll be a bit before I can test. Stefan, can you confirm that this helps your problem and especially that it doesn't break trustrouter usage? diff --git a/src/modules/rlm_realm/trustrouter.c b/src/modules/rlm_realm/trustrouter.c index 338f497..47ed024 100644 --- a/src/modules/rlm_realm/trustrouter.c +++ b/src/modules/rlm_realm/trustrouter.c @@ -355,6 +355,9 @@ REALM *tr_query_realm(REQUEST *request, char const *realm, struct resp_opaque cookie; if (!realm) return NULL; + if (!trustrouter || (strcmp(trustrouter, "none") == 0)) + return NULL; + /* clear the cookie structure */ memset (&cookie, 0, sizeof(cookie));