On _ 2003-02-25 at 19:46, Kostas Kalevras wrote: > On Tue, 25 Feb 2003, Alan DeKok wrote: > > > [EMAIL PROTECTED] (Derrik Pates) wrote: > > > After looking at the checkrad script, I noticed a few minor things. > > > Namely: > > > > > > - For several RAS server types, the script doesn't actually look up > > > username/password (or SNMP community ID) info from anyplace. > > > > Yeah,checkrad hasn't had much development for quite a while. > > > > > - The script only looks in the naspasswd file, which I thought was > > > deprecated. Shouldn't it look in (and of course, parse) clients.conf, > > > at least? > > > > The server probably shouldn't fork checkrad at all. > > > > See 'gnu radius', it uses the SNMP libraries directly to avoid an > > external program like checkrad. > > > > In addition, putting that code into the server means that the > > configuration parameters are easily available, and external programs > > don't have to root through configuration files. > > checkrad is one huge piece of software which i don't think will ever be moved > inside the server. It uses SNMP only for specific nas types (cisco for example) > and other methods (like telnet) for other nas types. > I would prefer just using perl xlat to call it directly from the server thus > avoiding the perl interpreter overhead.
IMHO using check_simul function in perl will reduce use of eval in xlat function and this way overhead will be reducent even more. > The overhead isn't that large in any case since checkrad is only called in > double login cases. > > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards, Boian Jordanov SNE Orbitel - the Internet Company tel. +359 2 937 07 23
signature.asc
Description: This is a digitally signed message part
