Standardised JSON VP list format
Phil Mayers
p.mayers at imperial.ac.uk
Thu Nov 10 17:49:03 CET 2011
On 10/11/11 16:23, Arran Cudbard-Bell wrote:
>
> On 10 Nov 2011, at 16:48, Phil Mayers wrote:
>
>> On 10/11/11 14:54, Arran Cudbard-Bell wrote:
>>
>>> If users want to admins want to expose more than the request list they can copy the values
>>> across...
>>
>> Ugh. So rlm_sql all over again... please no!
>
> *if admins want to
>
> So you want to do what? Include the entire control list with the password hashes?
A common use case for similar modules is to EXTRACT the password hash
from some database, and give it to FreeRADIUS. So there's a good chance
a lot of password hashes will be flying around in the returned JSON.
If they're doing PAP, the User-Password field will be in the JSON. And
so on.
So unless you're going to provide an attribute filtering mechanism (good
luck supporting that on the mailing list!) you're going to have to face
attribute privacy issues anyway. Does rlm_rest support HTTPS?
Anyway, no - that's not what I want. What I *don't* want is to have to
do this:
update request {
Var = "%{reply:Var}"
Var2 = "%{control:Var2}"
}
How about a module config item:
modules {
rest myserver {
# which attributes do we send to the server
request_pairs = yes
control_pairs = no
reply_pairs = no
}
}
However: I'm bikeshedding. There's precisely zero chance I'd use this
module, so feel free to ignore me.
Cheers,
Phil
More information about the Freeradius-Devel
mailing list