auto-expiring accounts w/ FreeRadius

Peter Nixon listuser at peternixon.net
Thu Mar 2 09:38:06 CET 2006


On Thu 02 Mar 2006 10:06, Stefan Winter wrote:
> Hi,
>
> > I've been asked to set up an authentication system with automatically
> > expiring user access ... so, once the user first logs in, and a certain
> > time (like e.g. 24 hours) goes by, the account is supposed to be
> > deleted. I reckon based on MySQL authentication this should be possible
> > with FreeRadius ... can FreeRadius be configured to store a "first used"
> > timestamp with an authentication entry? That way, setting up an SQL
> > script that regularly purges the old, used entries would be easy ...
>
> if you want to, FR logs every Access-Accept. So, finding the first usage is
> as easy as writing an SQL query that retrieves the first Access-Accept for
> the user. You can base your script to delete entries upon that.

Another way to do this is to have a database trigger on accounting (or Auth) 
requests which updates your authentication table, and include a WHERE date() - 
stardate < "24 HOURS"::INTERVAL (or something to that effect) in your auth 
queries. That query is _probably_ correct for Postgresql. You will of course 
have to modify it for other databases.

The advantage of this method is that you don't need to purge anything or run 
any cron scripts. Everything is handled automatically by the database.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
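
The trigger-plus-WHERE approach described in the message above, written out for PostgreSQL 11 or later as an added example that is not part of the original post. It assumes the stock FreeRADIUS `radcheck` and `radacct` tables and the `%{SQL-User-Name}` expansion; the `account_first_use` table, the function and the trigger names are hypothetical.

```sql
-- Hypothetical side table: one row per account, written once on first use.
CREATE TABLE account_first_use (
    username  text PRIMARY KEY,
    first_use timestamptz NOT NULL
);

-- Record the first accounting row seen for a user. The database clock
-- (now()) is used rather than a timestamp carried in the request.
CREATE OR REPLACE FUNCTION record_first_use() RETURNS trigger AS $$
BEGIN
    INSERT INTO account_first_use (username, first_use)
    VALUES (NEW.username, now())
    ON CONFLICT (username) DO NOTHING;  -- later sessions never reset the clock
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

-- Assumption: radacct is the stock accounting table and the NAS really
-- sends accounting. If it does not, attach the trigger to the table that
-- logs authentication attempts instead.
CREATE TRIGGER radacct_first_use
AFTER INSERT ON radacct
FOR EACH ROW EXECUTE FUNCTION record_first_use();

-- Authorization check query (assumed to replace the stock query in the
-- FreeRADIUS SQL module configuration). FreeRADIUS substitutes and escapes
-- %{SQL-User-Name}. An account that has never been used, or was first used
-- less than 24 hours ago, returns its check items; an expired account
-- returns no rows, so the SQL module no longer finds the user.
SELECT c.id, c.username, c.attribute, c.value, c.op
FROM radcheck c
LEFT JOIN account_first_use f ON f.username = c.username
WHERE c.username = '%{SQL-User-Name}'
  AND (f.first_use IS NULL
       OR now() - f.first_use < INTERVAL '24 hours')
ORDER BY c.id;
```

This only refuses new logins after the window closes; a session that is already up when the 24 hours pass is not disconnected by the query.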