Fwd: Filter attributes when proxying
Martin Zuziak
zuziak at math.ku.dk
Mon Jun 19 15:47:59 CEST 2006
Hello all
I didn't get any response the first time I sent this so I'm trying
again.
Any chance of having such a feature implemented?
Sincerely,
Martin Zuziak <zuziak at math.ku.dk>
PS: Don't worry, if I don't get any answer this time, I'll shut up :)
----- Forwarded message from Martin Zuziak <zuziak at math.ku.dk> -----
Date: Thu, 1 Jun 2006 10:34:19 +0200
From: Martin Zuziak <zuziak at math.ku.dk>
To: freeradius-users at lists.freeradius.org
Subject: Filter attributes when proxying
Hello all
Is it possible to (easily) remove single attributes sent or received
when proxying? I know it can be done with attr_filter but if you only
want to remove a single attribute while leaving the rest untouched, you
need pass rules for every other attribute.
It doesn't look like attr_rewrite can remove attributes. Am I wrong?
Otherwise I think this would be a nice feature to implement. The
attr_filter module can easily (I think) be changed to include a variable
to control whether or not passing rules are needed to allow an
attribute.
Currently attributes are only allowed if they don't fail any rules in
attrs and pass at least one rule:
if (fail == 0 && pass > 0)
This could be changed to something like
if (fail == 0 && (pass > 0 || allow_no_match))
where a variable in the attrs file could control if passing rules are
required.
Sincerely,
Martin Zuziak <zuziak at math.ku.dk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
----- End forwarded message -----
More information about the Freeradius-Users
mailing list