> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Peter Nixon > Sent: Saturday, July 12, 2003 6:19 AM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: Dictionary and NAS tables > > > > This sounds like a resonable solution to me. I already have a > table listing my > NASes anyway for reporting and query purposes, it would > certainly make things > neater if radius could use the same table. Especially for > cases where you > have more than radius server accessing a single DB backend. > > Having radius query the DB everytime it gets an unknown > client query it could > result in a trivial DoS though :-( > There would need to be some though go into this.. > > > This can eliminate the need to send SIGHUP to the server to > re-read the > > clients.conf, > > unless we change something in that file, and avoid possible > file corruption > > due to > > human error when we update the file with large number of NAS. > > Yes, although because of DoS issues we maye still wish to > -HUP the server > anyway... I agree about management issues though. >
If Denial Of Service attack is a concern, then we can let the server to read the DB for NAS table during initialization and do not refresh its cache unless it receives a SIGHUP signal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
