[EXT] Integration GO language into Freeradius

Alan DeKok aland at deployingradius.com
Mon Mar 21 22:48:09 UTC 2022


On Mar 21, 2022, at 6:22 PM, Matthew Newton <mcn at freeradius.org> wrote:
> In over a decade of building FreeRADIUS configs I have never used any of the scripting language modules. Unlang might not always be the prettiest, but it does work, and is pretty much going to be the fastest option.

  My favorite is things like "write a Perl script which opens a connection to MySQL for every packet, and does one SQL query".  Generally followed by "why is it so slow?"

  The server already has that functionality.  It works, and it's fast.

> There may be a few unusual cases where something more flexible could possibly be justified (and unlang does fall slightly short in a few areas, occasionally requiring some "creative" config), but I've never found it hard enough to need to use something else.
> 
> There's been too many cases where people have written configs in python or perl because that's what they're used to... and the result has been much simpler and faster once that's all ripped out and it's recreated in unlang. I really don't see adding yet another language much of a help.

  I'm happy to look at patches, but you're right here.

  FreeRADIUS implements authentication protocols and database queries.  It has just enough of a policy language to allow those two things to be "glued" together.

  Policies should NOT be written in a general-purpose programming language.  If they are, odds are that the policies are way too complex, and/or re-implement things which are already in the server.

  In most cases, a good chunk of policy complexity is really *data* complexity.  i.e. If you have 10 million users, you don't write a policy like:

	if (User-Name == "a") {
		... get password for "a"

	} else if (User-Name == "b") {
		... get password for "b" ...

  That's unmaintainable.  Instead, put complexity into a database, with a good database schema.  Most policies then become 2-3 database queries, and a tiny bit of logic around that.

  Alan DeKok.



More information about the Freeradius-Users mailing list