Standardised JSON VP list format

Phil Mayers p.mayers at
Thu Nov 10 17:49:03 CET 2011

On 10/11/11 16:23, Arran Cudbard-Bell wrote:
> On 10 Nov 2011, at 16:48, Phil Mayers wrote:
>> On 10/11/11 14:54, Arran Cudbard-Bell wrote:
>>> If users want to admins want to expose more than the request list they can copy the values
>>> across...
>> Ugh. So rlm_sql all over again... please no!
> *if admins want to
> So you want to do what? Include the entire control list with the password hashes?

A common use case for similar modules is to EXTRACT the password hash 
from some database, and give it to FreeRADIUS. So there's a good chance 
a lot of password hashes will be flying around in the returned JSON.

If they're doing PAP, the User-Password field will be in the JSON. And 
so on.

So unless you're going to provide an attribute filtering mechanism (good 
luck supporting that on the mailing list!) you're going to have to face 
attribute privacy issues anyway. Does rlm_rest support HTTPS?

Anyway, no - that's not what I want. What I *don't* want is to have to 
do this:

  update request {
    Var = "%{reply:Var}"
    Var2 = "%{control:Var2}"

How about a module config item:

  modules {
   rest myserver {
     # which attributes do we send to the server
     request_pairs = yes
     control_pairs = no
     reply_pairs = no

However: I'm bikeshedding. There's precisely zero chance I'd use this 
module, so feel free to ignore me.


More information about the Freeradius-Devel mailing list