Plug-in Question

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Sat Jul 7 22:59:33 CEST 2007


Peter Nixon wrote:
> On Sat 07 Jul 2007, Arran Cudbard-Bell wrote:
>   
>> Phil Mayers wrote:
>>     
>>> On Fri, 2007-07-06 at 11:49 +0200, Alan DeKok wrote:
>>>       
>>>> Stefan Winter wrote:
>>>>         
>>>>> It's a long shot, but: wouldn't it make sense to clear the wording for
>>>>> 2.0? I know, it would break all existing configs out there, but
>>>>> manually working through the config is needed anyways...
>>>>> I know that this wording startled me quite a bit when I was new
>>>>> here...
>>>>>           
>>>>   It's worth doing.
>>>>
>>>>   The problem is we can't call the post-authentication step
>>>> "authorize", because that will confuse everyone upgrading from 1.x.
>>>>
>>>>   I think the default configuration should be "pre-auth", "auth", and
>>>> "post-auth".  We can still accept "authorize" as a synonym for
>>>> "pre-auth" in the short term.
>>>>         
>>> +1 - excellent idea
>>>       
>> +1 - Makes more sense...
>>
>> So proxying logic is done in pre-auth , authentication in auth , and
>> reply formulation in post-auth...
>>
>> Yeah far better :) No more reply formulation for users who are going to
>> be rejected ....
>>
>> + Remove post auth query from SQL module ... functionality can be
>> replicated in unlang with minimum of fuss.
>>     
>
> Why do this? The ability to log things to sql post-auth is very usefull and I 
> believe fairly widely used. What is the advantage of removing it?
>
>   
Right, so you wanting to authorize people in post-auth using .... then 
theres a conflict. You can't select whether you want to use the logging 
function of rlm_sql or the authorisation function.



More information about the Freeradius-Users mailing list