rlm_realm module, Realm attr value
Alan DeKok
aland at deployingradius.com
Tue Jan 25 13:52:21 CET 2011
Stefan Winter wrote:
> Seems like the term "Realm" is used in an overloaded manner: on the one
> hand, it's the user-supplied character string, on the other hand it's a
> named instance of the realm module.
Not quite... a user-supplied character string, and a named realm in
the proxy.conf file. The named realms are used by the "realms" module
to find a matching name.
> Looks like up until 2.1.8, the AVP Realm was always created with
> Realm-the-character-string as it came from the request, but with 2.1.9,
> this changed to Realm-the-instance-name.
Hmm... I think it's the other way around. In 2.1.9, a regex realm
results in "Realm = match", instead of "Realm = regex".
> Problem is, both of these can be valuable somehow, and need to be
> addressable. In a rlm_linelog, I care about logging the actual input; at
> other places, I may want to check which path the packet will take.
>
> In short, I think there should be two attributes: one to contain the
> instance name, one with the string. Using unlang is of course possible,
> but clumsy - it worked without before.
There's utility creating two attributes, I think.
Alan DeKok.
More information about the Freeradius-Users
mailing list