Chris Parker <[EMAIL PROTECTED]> wrote:
> > I'm open to suggestions for what to do with the "authorize" section
> >and Autz-Type. I don't want to break older configurations, so that's
> >a bit of a constraint.
>
> Have an 'old_style_authorize' config directive that defaults to yes.
Nah. I took a quick look into it. A better way would be to have an
"indexed" sub-list, like "redundant".
e.g.
authorize {
chap
foo
bar
indexed {
Autz-Type ldap1 {
ldap1
}
Autz-Type ldap2 {
ldap2
}
}
eap
}
The "indexed" group would work just like "authenticate" does, except
using the Autz-Type attribute. Simple, and pretty clean.
As a bonus, it's probably only ~50 lines of code.
> The problem is that Authenticate works, because we set Auth-Type prior
> to entering that block. We don't have anything to set Autz-Type prior
> to running the Authorize block. :\
Yes, but we should really have some kind of "goto" in the various
blocks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
