"Mark Lavi" <[EMAIL PROTECTED]> wrote: > Agreed, few attributes are specifically for web servers. However, a > number of attributes are user or group specific and they would be of use > for further authorization or personalization of a web page. For > instance: user-name, class, connect-info, and vendor-specific attributes > all might be information from the RADIUS server that could be further > utilized by an application without relying on another data source.
How? > The web application I am helping to design and RADIUS is the only > authentication allowed in the environment I must work in. I hope it is > now noted that the additional access-accept attributes could be useful > in a web server environment. Sure, but what do you do with them? Would anyone else do the same things? > First Question: could the web page at URL: > http://www.freeradius.org/mod_auth_radius/ be updated to reflect the > current released version of 1.5.6 - that is what I downloaded with the > link for http://www.freeradius.org/mod_auth_radius/! The "Updates" > section currently lists 1.5.5 and the page hasn't been updated since > September. I'll take a look. > For the general benefit of the freeradius community, I stumbled upon > another deviation on mod_auth_radius.c for Apache at URL: > https://www.gnarst.net/authradius/ which is listed in the Apache Modules > directory, it is in release for Apache 1.3.x and pre-release mode. for > Apache 2.x. Yeah. He spent a year making changes, and finally mailed me about it last November. I responded, and asked to merge our efforts, so that we wouldn't duplicate work, and I haven't heard back since. Alan DeKok. > Second Question: could the web page add a link to this deviation in the > "Related Pages" section? <shrug> Sure. But it would validate the approach of forking the code base, making incompatible changes, and never feeding patches or fixes back upstream to the original author. > This deviation module seems to allow group-id attributes to be passsed > back, probably requiring an extension to the RADIUS dictionary, I think. > I'm about to experiment with this today. That is SO location-specific that I doubt it should go into the default source for the module. > So my final note is that it looks like there is a demonstrated need for > additional attributes in the web server environment. Have I ever said otherwise? > It would be ideal to unify the deviations, but in the meantime I > will look into finding my own resource to work or update > mod_auth_radius.c For site-specific changes, of course. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
