On Mon July 14 2003 23:30, Alex Chen wrote: > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of > > Peter Nixon > > Sent: Saturday, July 12, 2003 6:19 AM > > To: [EMAIL PROTECTED] > > Cc: [EMAIL PROTECTED] > > Subject: Re: Dictionary and NAS tables > > > > > > > > This sounds like a resonable solution to me. I already have a > > table listing my > > NASes anyway for reporting and query purposes, it would > > certainly make things > > neater if radius could use the same table. Especially for > > cases where you > > have more than radius server accessing a single DB backend. > > > > Having radius query the DB everytime it gets an unknown > > client query it could > > result in a trivial DoS though :-( > > There would need to be some though go into this.. > > > > > This can eliminate the need to send SIGHUP to the server to > > > > re-read the > > > > > clients.conf, > > > unless we change something in that file, and avoid possible > > > > file corruption > > > > > due to > > > human error when we update the file with large number of NAS. > > > > Yes, although because of DoS issues we maye still wish to > > -HUP the server > > anyway... I agree about management issues though. > > If Denial Of Service attack is a concern, then we can let the server > to read the DB for NAS table during initialization and do not refresh > its cache unless it receives a SIGHUP signal.
Yes. That is the current plan. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
