rlm_perl changing User-Name and proxy requests

Ti Leggett leggett at mcs.anl.gov
Fri Jan 11 21:47:25 CET 2013

On Jan 11, 2013, at 2:32 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:

> [snip]
> Yeah it'll just bog down your LDAP server instead. You should use rlm_cache to cache the result of the LDAP lookup (once you have all this working)*.
> Have you added nostrip for all the realms? The only way I can see it clobbering username is if stripping is enabled.

So that was my first thought too. However, I have limited visibility into the remote lab crypto server and when I sent a request to with a realm included, it flat out dropped the request. Didn't reply at all. So I need the realm to so the proxy portion can hit the right destination, but I need the User-Name stripped so the remote server can understand it.

> -Arran
> PS: You know you want to test the threaded version of the updated rlm_krb5 module :)

I do! Once I get this configuration working I'll be happy to try it. One of my todos for this whole config revamp is to stress test the environment against a brute force attack (we get them frequently). Then I'll have some before numbers to compare with the after.

> * Only use the rlm_cache module from 2.2.1
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list