On Fri, 15 Feb 2002, Alan DeKok wrote:
> Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> > Try it and tell me how it worked, cause I havent tested the patch heavily.
> > Alan, maybe we could just use the files module to make authorize/accounting
> > module selection based on checks on the incoming request instead of extending
> > radiusd.conf to allow for if/then/else checks.
>
> If *any* module can add 'Autz-Type', then that's even better.
Obviously. It can.
>
> The patches should be tiny. Add 'Autz-Type' to the dictionary, and the
> header files. Then edit the module code so that authorize looks FIRST
> for 'Autz-Type', and uses that. Note that there may be many Autz-Type
> attributes.
>
> If you don't set Autz-Type, then everything works exactly the same
> as before.
>
> I haven't looked at your patch, so I don't know how close my ideas
> are to it.
>
> Alan DeKok.
It's exacltly this way. The only difference is that because the authorize code
is the first one to run you can't set Autz-Type before calling module_authorize.
So we first run whatever is not included in a autztype {} section in the
authorize section (which should normally include an instance of the files
module) and after that we check if Autz-Type is set and if it is we call
module_authorize again passing the Autz-Type.
Probably we could do the same thing with accounting and acct_users
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
