Null SQL user

Michael Griego mgriego at
Thu Sep 21 04:14:16 CEST 2006

Hey, Peter,

> How/Where is this DEFAULT user checked in SQL? I was of the impression that
> DEFAULT data didnt work in SQL. (It it does I obviously am missing
> something.)

We do a lot of default processing here.  We're using it as a catchall
default policy for users (ie unless otherwise specified beforehand,
users are, by default, allowed access these resources and denied
access to these resources).

Anyway, check out rlm_sql.c line 1018.  This is where the default
profile processing begins based on the default_user_profile
configuration item in the sql {} section.  These section also
processes the User-Profile attribute if its present instead of the
default profile.

> As you can see a request with NULL username is quite valid for me, and may be
> proxied or accepted based (from inside the sql procedure) based on
> information in the request other than username/password and should therefore
> go through the normal sql queries.

Oh, absolutely.  There are many instances where a User-Name attribute
may not/need not be present that are completely valid and should be
handled by the sql module.


More information about the Freeradius-Devel mailing list