Python access to attribute lists
Phil Mayers
p.mayers at imperial.ac.uk
Wed Dec 5 19:40:34 CET 2012
On 12/05/2012 05:59 PM, laurent.feron at free.fr wrote:
> Moreover, the request list is a read only list. I wanted to modify
> the user-name in the authorization function in python, but you
> cannot, only rlm_perl is able to do that. Yes, if someone could
> enhance the rlm_python it will be great. I looked at the rlm_python
> source code, but it is too complex for me. In general, rlm_python
> seems not very popular in the freeradius world.. few information..
> not sure it is no more experimental, performance
Bear in mind I'm a big fan of Python...
Python doesn't really fit FreeRADIUS well. FreeRADIUS is threaded, and
Python has the global interpreter lock, which means it doesn't really do
concurrency in threads very well.
TBH I don't think any of the rlm_$language modules are *that* widely
used - rlm_perl has it's own problems, rlm_ruby is, well... ruby. And
unlang or conditional SQL processing solve many of the problems.
I wonder if a better option wouldn't be something like "rlm_unixsocket"
which passes the request down a unix socket in a standard format, and
takes the reply in the same way. Then the various interpreters could run
"out-of-process".
rlm_rest might be another option.
All that said, the rlm_python code could certainly be improved. There's
no reason it couldn't present a much more pythonic API (and a much more
complete one - it should be easy to expose server innards like
paircompare and so forth).
I might take a look if I get time, but I've got a lot on my plate...
More information about the Freeradius-Users
mailing list