rlm_realm module, Realm attr value

Phil Mayers p.mayers at imperial.ac.uk
Mon Jan 24 16:15:46 CET 2011


On 01/24/2011 02:32 PM, Martin Stanislav wrote:

> There is one more case that could get this exception like treatment.
> If the configured realm value is "DEFAULT", the realm as entered
> by the user could be used to feed the Realm attribute value.
> Attached diff file describes the code change.

I don't think this is a good change.

For example:

authorize {
   suffix
   if (Realm == DEFAULT) {
     # not a local realm; do some stuff
     attr_filter.eduroam
   }
}

...if you change the value of the "Realm" variable, it's never possible 
to compare against it. We rely on this in a number of places.

Since as you point out, you can already accomplish this with unlang or 
regexp realms, I don't think it's necessary to change the behaviour of 
the existing module.



More information about the Freeradius-Users mailing list