Another "package" - set expiry at first use

Ivan Kalik tnt at kalik.net
Fri May 8 21:07:39 CEST 2009


>> > Upon successful authentication,
>> check it is firstuse. If yes, set expiry
>> > to say 6 months from now.
>> >
>>
>> Use unlang in post-auth: check that there is no session for
>> that user in
>> radacct; if none, put adddate(now(),INTERVAL 6 MONTH) into
>> Tmp-String-0;
>> if you want to keep it in unlang (don't want to write a
>> perl script) you
>> need to convert that from mysql time (yyyy-MM-dd HH:mm:ss)
>> to Month dd
>> yyyy HH:mm:ss using mysql time functions (+ concat()) and
>> store it in
>> Tmp-String-1; then insert Tmp-String-1 as Expiration value
>> for that user
>> in radcheck.
>>
>>
>
> On second thought, maybe we could implement an alternate scheme
> which is cheaper. At post-auth, check if a used_flag in the
> database exists. If not, create one ***AND*** set expiry date.

How is that cheaper? Count(*) on an indexed field is not a very expensive
query. But you have to keep in mind that this query is going to be usefull
only once - every other time it is going to be a waste of time. Is it
worth it? Is setting expiry at the first login worth running this query
hundreds of times "on empty"? Or should you just set the expiry on opening
the account?

>
> We can't keep this in either radcheck or radreply ( can we ? ),
> meaning we need another auxilliary table for users, say userinfo table.

You can extend radcheck table for that field. But since you have both
passwords and expiration in there you need to update and check the line
containing both users name and password - if you check just name you might
end up with the expitation entry while you updated the password entry.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list