rlm_realm module, Realm attr value
Martin Stanislav
ms at uakom.sk
Tue Jan 25 09:36:41 CET 2011
On Mon, Jan 24, 2011 at 03:15:46PM +0000, Phil Mayers wrote:
>
> >If the configured realm value is "DEFAULT", the realm as entered
> >by the user could be used to feed the Realm attribute value.
>
> I don't think this is a good change.
>
> For example:
>
> authorize {
> suffix
> if (Realm == DEFAULT) {
> # not a local realm; do some stuff
> attr_filter.eduroam
> }
> }
>
> ...if you change the value of the "Realm" variable, it's never possible
> to compare against it. We rely on this in a number of places.
Thanks for your comments. Beeing able to differentiate a path
the request is about to take is a real need. I've had an impression
%{control:Proxy-To-Realm} can be referenced to get this particular
information. Please, correct me in case I need to pick up on the
intended attribute content and its use.
> Since as you point out, you can already accomplish this with unlang or
> regexp realms, I don't think it's necessary to change the behaviour of
> the existing module.
I admit, the ability to do comparisons against the matched proxy realm
value is a feature I'd like to keep.
Martin
More information about the Freeradius-Users
mailing list