Deleting reply items before post-proxy
A.Cudbard-Bell at sussex.ac.uk
Sat Sep 1 12:32:24 CEST 2007
Alan DeKok wrote:
> Joe Maimon wrote:
>> So how do I properly ensure that entries I have attached to DEFAULTS for
>> proxied realms in my users file actually get sent? Currently I have the
>> offending code patched out.
> What offending code?
> I recently had another thought about 2.x: assign virtual servers to
> realms, too. Those virtual servers would contain only pre-proxy and
> post-proxy sections.
> Doing that will mean that each realm will have its own policies,
> independent of anything else.
> It won't solve the "post-proxy-authorize" issue, but it will solve
> other problems.
Well it'll certainly make the solution to other problems neater.
I have to confess I had assumed the proxy behaviour was to allow reply
attributes set in the authorise section to be sent on successful
authentication by the home server, and structured my configuration to
take advantage of this (as it seemed the logical way for things to work).
So I will have to take out that line, which makes testing really annoying.
So repeat plea for configuration option to allow the original reply to
be combined with the *heavily filtered* reply from server.
> Alan DeKok.
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
More information about the Freeradius-Devel