Cleaning up the "realms"
Geoffroy Arnoud
garnoud at yahoo.co.uk
Wed Mar 28 09:38:35 CEST 2007
> I'd also like to move the rlm_realm configs
> prefix/suffix &&
> "delimiter" to the individual "realms" section in
> proxy.conf, but that
> might break things.
If I understand, you would like to "merge" realm
detection (made in a module) with server proxy
configuration/code?
My opinion is that it is not so interesting because
having a module setting a specific attribute
"Proxy-To-Realm" with the wanted value allows to proxy
request with criteria not only based on the User-Name.
For example, you can have one remote server FOO,
managing User-Name of the form:
foo/user at realm
user at foo
user at foo-test.com
...
And with FR 1_1, if a specific detection is required,
it can be implemented easily.
One can also think about proxying based on
Client-IP-Address (Yes it is possible, in our case, it
could be used), and using rlm_files module to do it.
Of course, is what I describe is still possible with
what you propose, I don't have any objection.
Else this would mean that FR 2_0 can do less than 1_1.
Best regards,
Geoff.
___________________________________________________________________________
Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions !
Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses
http://fr.answers.yahoo.com
More information about the Freeradius-Devel
mailing list