Plug-in Question

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Sat Jul 7 22:11:41 CEST 2007


Phil Mayers wrote:
> On Fri, 2007-07-06 at 11:49 +0200, Alan DeKok wrote:
>   
>> Stefan Winter wrote:
>>     
>>> It's a long shot, but: wouldn't it make sense to clear the wording for 2.0? I 
>>> know, it would break all existing configs out there, but manually working 
>>> through the config is needed anyways...
>>> I know that this wording startled me quite a bit when I was new here...
>>>       
>>   It's worth doing.
>>
>>   The problem is we can't call the post-authentication step "authorize",
>> because that will confuse everyone upgrading from 1.x.
>>
>>   I think the default configuration should be "pre-auth", "auth", and
>> "post-auth".  We can still accept "authorize" as a synonym for
>> "pre-auth" in the short term.
>>     
>
> +1 - excellent idea
>
>
>   
+1 - Makes more sense...

So proxying logic is done in pre-auth , authentication in auth , and 
reply formulation in post-auth...

Yeah far better :) No more reply formulation for users who are going to 
be rejected ....

+ Remove post auth query from SQL module ... functionality can be 
replicated in unlang with minimum of fuss.
so authorisation method of rlm_sql gets mapped to post-auth as well as 
pre-auth.

Though I feel sorry for migrating users... Though this now follows the 
standard aaa logic, Authenticate Authorise Account, so might be less 
confusing for new users.

---
Arran




More information about the Freeradius-Users mailing list