On 09/02/2011 09:43 AM, Norman Elton wrote:
I'm beginning the process of replacing a home-grown RADIUS server with freeradius, a good idea on many many fronts. The server will interact with our backend databases in order to determine attributes to inject into the access-accept messages. For initial development, I've begun work on a perl script that is interacting with freeradius 2.1.10. I'm a little alarmed that a malfunctioning perl script can segfault the entire server. I was hoping that freeradius could compartmentalize a failing script, restarting it as necessary.
Admittedly, during development, my scripts are not production-ready, and there are lots of safety checks that simply aren't there. But I'm worried that, going into production, we'll discover an unexpected corner-case that crashes our entire radius infrastructure (not a good thing).
Is the best practice simply to make sure you're scripts are bullet-proof? Or is there a more stable method of interacting with an external resource? I chosen rlm_perl because the script didn't need to be instantiated every time (as with rlm_exec), but perhaps we'd be better off relying on rlm_exec if it is more tolerant of corner-case failures.
Of course a script error shouldn't segfault the server. It would have been much more useful if you had explained what the script error was and a stack trace from the segfault. -- John Dennis <jdennis@redhat.com> Looking to carve out IT costs? www.redhat.com/carveoutcosts/