Python access to attribute lists

Phil Mayers p.mayers at imperial.ac.uk
Wed Dec 5 19:40:34 CET 2012


On 12/05/2012 05:59 PM, laurent.feron at free.fr wrote:
> Moreover, the request list is a read only list. I wanted to modify
> the user-name in the authorization function in python, but you
> cannot, only rlm_perl is able to do that. Yes, if someone could
> enhance the rlm_python it will be great. I looked at the rlm_python
> source code, but it is too complex for me. In general, rlm_python
> seems not very popular in the freeradius world.. few information..
> not sure it is no more experimental, performance

Bear in mind I'm a big fan of Python...

Python doesn't really fit FreeRADIUS well. FreeRADIUS is threaded, and 
Python has the global interpreter lock, which means it doesn't really do 
concurrency in threads very well.

TBH I don't think any of the rlm_$language modules are *that* widely 
used - rlm_perl has it's own problems, rlm_ruby is, well... ruby. And 
unlang or conditional SQL processing solve many of the problems.

I wonder if a better option wouldn't be something like "rlm_unixsocket" 
which passes the request down a unix socket in a standard format, and 
takes the reply in the same way. Then the various interpreters could run 
"out-of-process".

rlm_rest might be another option.

All that said, the rlm_python code could certainly be improved. There's 
no reason it couldn't present a much more pythonic API (and a much more 
complete one - it should be easy to expose server innards like 
paircompare and so forth).

I might take a look if I get time, but I've got a lot on my plate...


More information about the Freeradius-Users mailing list