21 May
2009
21 May
'09
10:05 a.m.
Arran Cudbard-Bell wrote:
Yes, so have it tell the outer server... Insert the (attached) snippet into the authorize section of the inner server.
$ git format-patch ?
I believe the User-Name attribute in outer.reply is cached, and available for use on session resumption.
Yes.
Once you've got the policies moved to post-auth, then any scripts or lookups used for authorisation will only be run once, so far greater efficiency with complex policies. Rejects are still handled properly even within the Post-Auth section (jumps to Post-Auth-Type reject).
Documentation suggestions are always welcome. Alan DeKok.