Post-Auth-Type REJECT "broken" in 3.1.x

[Matthew Newton]

On Thu, Jun 23, 2016 at 09:41:27AM -0400, Alan DeKok wrote:
> On Jun 23, 2016, at 9:38 AM, A.L.M.Buxey at lboro.ac.uk wrote:
> > IIRC upgrading from 3.0.x to 3.1.x wont work with 3.0.x configs anyway due to
> > several symantec changes with variable/option names anyway.
> 
>  Still, minimal surprises are nice.

That's what I thought.

I'll take a look at it.

> > (which is one reason I advise people to use 3.1.x rather than 3.0.x when moving from
> > 2.x anyway - as they'll be ready for 3.2.x release....whereas if you've migrated
> > config to 3.0.x you'll have to migrate again for 3.2.x  ;-)
> 
> If only we could get people to upgrade from 2.1.12.  <sigh>

:(

> The larger problem for 4.0 is that there will be many, many,
> more changes to the configuration.  Practices of 18 years will
> unfortunately be changed.

I guess 4.0.x might now be a good time to consider several things
that have been around for a long time, but may no longer be
particularly common or required.

Looking at e.g. preprocess, there are a shedload of hacks for
things that look pretty old. How many are still useful, or could
be written as unlang policies instead?

With unlang, are hints and huntgroups still worth keeping? Is
preprocess still needed at all? Is there a more generic way
rlm_files could work to cover the same thing?

Things like mschap NT domain hack...

Talk a while back about renameing authorize{}, post-auth{} etc.
Though I don't think there were any conclusive arguments.

I don't have any idea whether people are still using any of
this stuff...

Matthew



-- 
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>