On Friday 20 June 2003 3:53 am, Kostas Kalevras wrote: > On Wed, 18 Jun 2003, Roberto Pioli wrote: > > when he module counter return: > > > > rlm_counter: Entering module authorize code > > rlm_counter: Could not find Check item value pair > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > > modcall[authorize]: module "counter" returns noop > > modcall: group authorize returns ok > > > > What's the matter? > > Isn't it obvious?
Actually, it isn't. I ran into this problem when I first started to use this,
and it was rather annoying because as far as I could tell, I **had** defined
a check item, so I was totally bewildered by the comment "could not find it".
My line of thinking was that the "counter" module CREATED a variable (i.e.,
the "counter-name") that later modules could compare against for a pass/fail
condition test. It took several passes through the documentation to
understand this is backward: other modules set the "check-name" variable to a
particular cutoff value, and THEN the counter module performs the comparison.
In re-reading the documentation right now, I think I see why I thought that
AND a possible "impossible situation". The comments read:
# The counter-name can also be used like below:
#
# DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject
# Reply-Message = "You've used up more than one hour today"
which would appear in the "users" file and/or in an SQL table. The
implication with this comment is that the counter module has to occur FIRST
in order to define a value of "daily-session-time" so the comparison can take
place, however if the counter module occurs first, no "check-items" have been
defined, so the counter module noop's out without setting daily-session-time.
So now I'm curious, can the "counter-name" actually be used as per the example
in the comments, and if so, how? [and if not, why is it documented that way
in the released code?]
--
Yet another Blog: http://osnut.homelinux.net
pgp00000.pgp
Description: signature
