Alan Dekok wrote: > Another thing for 2.0.0 (maybe) is to have per-socket configuration. > i.e. socket X can have authorization section X, and socket Y can have > authorization section Y. > > It may not be too hard to add, in fact.
Yup. 300 lines of code. The "listener" sections already had an undocumented "identity" entry. It's now used: listen { ipaddr = ... type = ... identity = foo } ... identity foo { authorize { ... } authenticate { ... } } if the "identity foo" section exists, then the authorize / authenticate / etc. sections in it are used, in preference to the ones not wrapped in "identity". This means that each port that the server is listening on can have completely independent authorize / etc. rules. The "listen" sections currently support per-socket clients via a hack. Those will be moved into the "identity" section, too. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html