doc/rlm_sql is wrong?
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jan 8 20:38:08 CET 2007
I've been looking at using rlm_sql to replace a fairly complex set of
Autz-Type and rlm_passwd maps. Primarily this is to speed up updates
when e.g. blocking systems and not have to HUP the server.
The doc/rlm_sql file states that processing is done with pairs of
check/reply items at a time - that is, first the user check items are
compared and if matches the reply items added; then for each group (in
order of priority) the group check items are compared and if match the
reply items added.
The code in rlm_sql.c definitely does not do that, at least in 1.1.3 as
far as I can understand the code? Instead it appears to smoosh the user
and all the group check items together, compares them, and if they *all*
match adds *all* the reply items.
This seems to make groups pretty useless except for using the SQL-Group
construct in the users file.
Comments?
More information about the Freeradius-Users
mailing list