Matt Sapp wrote:
Greg,
While you may have misunderstood Alan's terseness as him being nasty to you, please look at the situation.
You're saying that if there was a configuration file error, then by all means, stop the server, but if it's "just" a users file error, then it shouldn't be halted and the server should keep going on with some half-correct information.
Well, I'm perfectly happy if the user that contains the "wonky" data (most often, it's not really a typo, but a new token we're experimenting with) gets ignored. I'm content with having *one* customer call me because they can't get authenticated than have the whole system come down because there's something different in a single user.
Personally, I don't see how the users file being in proper shape is any less critical than any other configuration file being correct. You'd be much better off implementing some solution to make sure the users file is correct (perhaps some type checking in whatever system you use to manage your users -- surely you don't have a bunch of type-prone data entry people editing the users file by hand, do you?). The users file has a very specific format, and it's not hard to follow. If you have proper checks in your management system, this is a moot point, and this has been pointed out in reference to the dialup_admin package.Interestingly, the old Livingston radius format didn't need the commas at the end of the lines. I was really surprised when none of the other radius servers I looked (Free, Open, Gnu) could read that file. I can live with having to generate the file differently to work in the updated format. (Was that an RFC change, or was Livingston just broken?)
As another example, GnuRadius doesn't like an ampersand in a username, but FreeRadius does. Should my system come down becuase I've got what seems to be *valid* data, but the radius server doesn't understand it? [RFC 2138 has provisions for non-alphanumerics in the User-Name field.]
-Greg G
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
