post-auth and post-proxy subsections (was: Deprecated features)
Emile van Bergen
emile-fr at evbergen.xs4all.nl
Thu Jul 28 16:30:44 CEST 2005
Hi,
On Thu, Jul 28, 2005 at 11:53:56AM +0200, Nicolas Baradakis wrote:
> Alan DeKok wrote:
>
> > I agree with the last bit.
> >
> > As for what I'm trying to do, I'm not exactly sure. Maybe in
> > "post-auth", we need to have sub-sections, to make it clear what's
> > run, and where:
> >
> > post-auth {
> > Access-Accept {
> > ...
> > }
> > Access-Challenge {
> > ...
> > }
> > Access-Reject {
> > ...
> > }
> > }
> >
> > That would be obvious, at least.
>
> But what should we do when the administrator wants different Post-Auth-Type
> stanzas for each realm on a multi-realm server?
>
> I'm not sure about about it either. Perhaps this approach could be
> possible: if a check item 'Post-Auth-Type' already exists, we can look
> for a stanza named %{check:Post-Auth-Type}.%{reply:Packet-Type}. If we
> found such a stanza, we run the modules we found inside. Otherwise we
> run the modules in the stanza named %{check:Post-Auth-Type}. (fallback
> to the current behaviour)
<tongue loosely in cheeck>
I see I definitely did choose the right approach in OpenRADIUS to leave
that sort of decision wholly to the administrator, and to put that sort
of logic on a layer well above the server code.
Cheers,
Emile
--
E-Advies - Emile van Bergen emile at e-advies.nl
tel. +31 (0)70 3906153 http://www.e-advies.nl
More information about the Freeradius-Devel
mailing list