Re: Appending attributes post proxy
On Fri 11 Aug 2006 19:41, Alan DeKok wrote:
Peter Nixon <listuser@peternixon.net> wrote:
We are already using "preproxy_users" to modify packets before we send them to downstream servers but I don't see any "postproxy_users" file :-(
It's in the CVS head, for 2.0.
OK Great.
Whats the easiest way to do this? The rewrite module? Is there any reason (other than inertia) why isn't there a "postproxy_users" file?
Nope.
The rlm_files module got massively re-written in the CVS head, so that it can be used in any section. The code ended up being smaller andmore flexible...
Alan, can you give us an idea of you roadmap for radius releases? I get a bit confused as to what code should be going where (esp sqlippool which is not exactly documented yet :-) I assume there will be a 1.1.3 release at some point "real soon now". After that do you plan on switching work to cvs head? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
Peter Nixon <listuser@peternixon.net> wrote:
Alan, can you give us an idea of you roadmap for radius releases? I get a bit confused as to what code should be going where (esp sqlippool which is not exactly documented yet :-)
Yes... I was looking at that yesterday. A configuration file would help, too.
I assume there will be a 1.1.3 release at some point "real soon now". After that do you plan on switching work to cvs head?
Yes. If there's no objection, I'll do 1.1.3 this week. After that, I've been talking with Raghu, who has a patch to fix realms. The old style still works, but you can now separate home servers, and failover lists of home servers, from the realms that they serve. It makes configuration a little more complicated, but much more flexible. Past that, in order of priority: 1) fix the "rad_listen_t" so it doesn't core the server on HUP 2) fix module handling so it doesn't core the server on HUP 3) document the *hell* out of the changes between 1.x and 2.x 4) Move "User-Password" in request->config_items to "Cleartext-Password" The only new thing is #4. I'm tired of the confusion with User-Password being in the request or config items. 2.x has MD5-Password, SHA1-Password, etc. So let's get rid of User-Password, except as something that's in a packet. That will clear up a lot of weirdness in the code, and fix confusion, too. The only magic thing with that is that all modules have to be updated to look for Cleartext-Password rather than User-Password. People's configs will still have User-Password, so the server core has to have ~10 lines of code that renames User-Password to Cleartext-Password. That should fix a *lot* of confusion. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On Sat 12 Aug 2006 18:10, Alan DeKok wrote:
Peter Nixon <listuser@peternixon.net> wrote:
Alan, can you give us an idea of you roadmap for radius releases? I get a bit confused as to what code should be going where (esp sqlippool which is not exactly documented yet :-)
Yes... I was looking at that yesterday. A configuration file would help, too.
Yeah. I know. It's on my to do list, but I have been really under water the last month or so.
I assume there will be a 1.1.3 release at some point "real soon now". After that do you plan on switching work to cvs head?
Yes. If there's no objection, I'll do 1.1.3 this week.
After that, I've been talking with Raghu, who has a patch to fix realms. The old style still works, but you can now separate home servers, and failover lists of home servers, from the realms that they serve. It makes configuration a little more complicated, but much more flexible.
Past that, in order of priority:
1) fix the "rad_listen_t" so it doesn't core the server on HUP 2) fix module handling so it doesn't core the server on HUP 3) document the *hell* out of the changes between 1.x and 2.x 4) Move "User-Password" in request->config_items to "Cleartext-Password"
The only new thing is #4. I'm tired of the confusion with User-Password being in the request or config items. 2.x has MD5-Password, SHA1-Password, etc. So let's get rid of User-Password, except as something that's in a packet. That will clear up a lot of weirdness in the code, and fix confusion, too.
The only magic thing with that is that all modules have to be updated to look for Cleartext-Password rather than User-Password. People's configs will still have User-Password, so the server core has to have ~10 lines of code that renames User-Password to Cleartext-Password.
That should fix a *lot* of confusion.
Yep. All good things, and all things that seem reasonably straight forward which gives me hope that we should see a 2.0 release candidate in a couple of months? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
Peter Nixon <listuser@peternixon.net> wrote:
Yep. All good things, and all things that seem reasonably straight forward which gives me hope that we should see a 2.0 release candidate in a couple of months?
Yes. It's *far* past time when we should have released 2.0. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Peter Nixon