pre-auth, authenticate sound good. I would suggest the following list:
1) "pre-auth" for preprocessing, hints, realm, etc.
2) "authenticate"/"authentication" for the various authentication types.
3) "authorize"/"authorization" for restrictions on validated users.
4) "post-auth" to allocate IPs and add other attributes to the reply
5) "post-request" for logging and cleanup. Ideally this would be called after the reply has been sent (hence the name) because there is no point to make the client wait while we prepare the logs.
I would also call "instantiate" -> "preload" because according to the summary it loads the specified modules before any others.
As for the implementing the actual change, perhaps planned obsolescence and config file versions can help if you decide to go ahead with it. Or maybe a radically different approach (XML ?).
Sorry it took so long to answer, I have one of those ideal-case deadlines and reality insists on diverging significantly from that ideal.
-- L.C. (Laurentiu C. Badea)
Alan DeKok wrote:
"L.C. (Laurentiu C. Badea)" <[EMAIL PROTECTED]> wrote:
On the other hand, it is well-known that generally an authorization stage immediately follows authentication, which is the one referred to in the "AAA" acronym.
So... the "post-auth" section should be called "authorize"?
I really don't care what the names are, but the current names in FreeRADIUS have wide deployment, which makes changing them hard.
If we change anything, I'd prefer to go to "pre-auth", "authenticate", and "post-auth". That solves the nameing issue by avoiding it entirely.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
