Skip authorize if proxy? Preprocess deprecated?
contact at brindereseau.fr
contact at brindereseau.fr
Fri Feb 3 09:35:42 UTC 2023
Le 02.02.2023 17:13, Alan DeKok a écrit :
> I'd suggest avoiding v4. It works, but it's undergoing
> re-architecture on a daily basis. The configuration format may change
> over time. So it's only suitable for production use if you keep on
> top of all of the changes.
Actually, I'm not using v4 yet. But I did take a look to see if it
answers my questions before posting.
> You're right.
>
> But the server rarely forces you to work in a certain way. A module
> could decide to proxy, and then another module could cancel that proxy
> request.
Absolutely, though I don't have this complexity in my case. Thanks for
confirming.
> For your situation above, you could do:
>
> authorize {
> filter_username
> suffix
>
> if (&control:Proxy-To-Realm) {
> return
> }
>
> sql
> ... other stuff which is run only when it's not proxying.
Cool tip, I'll switch to this! I often find return statements to be
more readable than nested conditions (which I have in the sequence even
not represented in the example).
> The "preprocess" module was really only for the "hints" and
> "huntgroups" files. That functionality is done more easily by other
> modules in v4, so the "preprocess" module was removed.
Got it.
I do appreciate the answer. Again, thanks for bringing FreeRADIUS to
the Unix community and for the doc of both FreeRADIUS and NetworkRADIUS
to be freely accessible.
Angély.
More information about the Freeradius-Users
mailing list