rlm_realm module, Realm attr value

Martin Stanislav ms at uakom.sk
Tue Jan 25 09:36:41 CET 2011

On Mon, Jan 24, 2011 at 03:15:46PM +0000, Phil Mayers wrote:
> >If the configured realm value is "DEFAULT", the realm as entered
> >by the user could be used to feed the Realm attribute value.
> I don't think this is a good change.
> For example:
> authorize {
>   suffix
>   if (Realm == DEFAULT) {
>     # not a local realm; do some stuff
>     attr_filter.eduroam
>   }
> }
> ...if you change the value of the "Realm" variable, it's never possible 
> to compare against it. We rely on this in a number of places.

Thanks for your comments.  Beeing able to differentiate a path 
the request is about to take is a real need.  I've had an impression 
%{control:Proxy-To-Realm} can be referenced to get this particular 
information.  Please, correct me in case I need to pick up on the 
intended attribute content and its use. 

> Since as you point out, you can already accomplish this with unlang or 
> regexp realms, I don't think it's necessary to change the behaviour of 
> the existing module.

I admit, the ability to do comparisons against the matched proxy realm 
value is a feature I'd like to keep.  


More information about the Freeradius-Users mailing list