Filter attributes when proxying

Martin Zuziak zuziak at math.ku.dk
Thu Jun 1 10:34:19 CEST 2006


Hello all

Is it possible to (easily) remove single attributes sent or received
when proxying? I know it can be done with attr_filter but if you only
want to remove a single attribute while leaving the rest untouched, you
need pass rules for every other attribute.

It doesn't look like attr_rewrite can remove attributes. Am I wrong?

Otherwise I think this would be a nice feature to implement. The
attr_filter module can easily (I think) be changed to include a variable
to control whether or not passing rules are needed to allow an
attribute.

Currently attributes are only allowed if they don't fail any rules in
attrs and pass at least one rule:

if (fail == 0 && pass > 0)

This could be changed to something like
if (fail == 0 && (pass > 0 || allow_no_match))

where a variable in the attrs file could control if passing rules are
required.

Sincerely,

Martin Zuziak <zuziak at math.ku.dk>




More information about the Freeradius-Users mailing list