Alan DeKok wrote:
I see the patch you're referring to, but after rethinking my question, I think what I'm really trying to do is rewrite $RAD_REQUEST, not $RAD_REPLY, and it does not appear that I can alter $RAD_REQUEST in any way - either change or add.
Hmm... looking into it in a little more detail, I think it would be even easier to do it another way. The code in CVS head has been updated to allow for ":=", to over-write existing attributes. But I think it might be even easier to simply use the hashes as-is, and replace the existing attribute lists.
Sounds good. I assume you'll include %RAD_CHECK, as well as %RAD_REQUEST and %RAD_REPLY in this change. That would bring rlm_perl into line with other authentication modules, which can alter any of the three attribute lists.
i.e. put the attributes into perl hashes, and then make those perl hashes definitive for the new values of the attributes. This would involve throwing away the previous attributes entirely. So you would have to be *very* careful about modifying the hashes, but you would have complete flexibility.
What would be likely to happen if I screw up one of the attribute hashes? If that just screws up the current RADIUS request, I'd say go for it; I'm happy to have the power to shoot myself in the foot. But if it could crash the radiusd, well, I guess I'll have to be *very*, *VERY* careful. -- George C. Kaplan gckaplan@ack.berkeley.edu IST - Infrastructure Services 510-643-0496 University of California at Berkeley