Alan Dekok wrote:
Another thing for 2.0.0 (maybe) is to have per-socket configuration. i.e. socket X can have authorization section X, and socket Y can have authorization section Y.
It may not be too hard to add, in fact.
Yup. 300 lines of code. The "listener" sections already had an undocumented "identity" entry. It's now used: listen { ipaddr = ... type = ... identity = foo } ... identity foo { authorize { ... } authenticate { ... } } if the "identity foo" section exists, then the authorize / authenticate / etc. sections in it are used, in preference to the ones not wrapped in "identity". This means that each port that the server is listening on can have completely independent authorize / etc. rules. The "listen" sections currently support per-socket clients via a hack. Those will be moved into the "identity" section, too. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog