Skip authorize if proxy? Preprocess deprecated?
contact at brindereseau.fr
contact at brindereseau.fr
Thu Feb 2 15:09:19 UTC 2023
Hello,
Thanks for FreeRADIUS and the incredible amount of work. The more I use
it, the more I love it, especially Unlang which allows for flexible and
specific pre and post processing.
I just wonder about the RADIUS sequence (v3 but v4 may be also
concerned):
why neither the default sequence or the doc suggests to employ such a
below logic?
authorize {
filter_username
suffix
if (!&control:Proxy-To-Realm) { # or check "&control.Auth-Type" in
v4
sql
my_super_module
my_other_module
# some other things...
chap
pap
}
}
My point being: once we know that proxy is needed (told by "suffix"
usually), it seems to me the rest of "authorize" section can be skipped
*in most cases*.
It would gain some time and prevent potential side effects by subsequent
modules (depending on what they do, of course).
Or am I wrong? Did I miss something?
Also, yet not related, is "preprocess" actually deprecated in favor of a
custom module in Unlang?
Or is there a reason to still use it (execution time, backward
compatibility)?
It seems to have disappeared in v4.
Thanks!
More information about the Freeradius-Users
mailing list