Skip authorize if proxy? Preprocess deprecated?

contact at brindereseau.fr contact at brindereseau.fr
Thu Feb 2 15:09:19 UTC 2023


Hello,

Thanks for FreeRADIUS and the incredible amount of work. The more I use
it, the more I love it, especially Unlang, which allows for flexible and
specific pre- and post-processing.

I just wonder about the RADIUS sequence (v3, but v4 may also be
concerned):
why does neither the default sequence nor the doc suggest employing
logic like the one below?

authorize {
     filter_username
     suffix

     if (!&control:Proxy-To-Realm) { # or check "&control.Auth-Type" in v4
       sql
       my_super_module
       my_other_module
       # some other things...
       chap
       pap
     }
}

My point being: once we know that proxying is needed (told by "suffix"
usually), it seems to me the rest of the "authorize" section can be skipped
*in most cases*.
It would save some time and prevent potential side effects from subsequent
modules (depending on what they do, of course).
Or am I wrong? Did I miss something?

Also, though unrelated, is "preprocess" actually deprecated in favor of a
custom module in Unlang?
Or is there a reason to still use it (execution time, backward 
compatibility)?
It seems to have disappeared in v4.

Thanks!

