Alan DeKok wrote:
>   Another thing for 2.0.0 (maybe) is to have per-socket configuration.
> i.e. socket X can have authorization section X, and socket Y can have
> authorization section Y.
> 
>   It may not be too hard to add, in fact.

  Yup.  300 lines of code.

  The "listener" sections already had an undocumented "identity" entry.
 It's now used:

listen {
        ipaddr = ...
        type = ...
        identity = foo
}
...

identity foo {
        authorize {
                ...
        }
        authenticate {
                ...
        }
}

  If the "identity foo" section exists, then the authorize /
authenticate / etc. sections in it are used, in preference to the ones
not wrapped in "identity".

  This means that each port that the server is listening on can have
completely independent authorize / etc. rules.

  The "listen" sections currently support per-socket clients via a hack.
 Those will be moved into the "identity" section, too.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
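
Added example, not part of the original message and not FreeRADIUS code: a small audit script that reports, for each "listen" block, whether authorize / authenticate come from its "identity" section or from the unwrapped ones, and flags a listener whose identity is never defined. The sample configuration, its addresses and the function names are constructed for illustration. It assumes that a section missing from an identity block falls back to the unwrapped one.

```python
# Constructed sample in the layout shown in the message; addresses are documentation values.
SAMPLE = """listen {
    ipaddr = 192.0.2.1
    identity = foo
}
listen {
    ipaddr = 192.0.2.2
    identity = bar
}
listen {
    ipaddr = 192.0.2.3
}
identity foo {
    authorize {
    }
}
authorize {
}
authenticate {
}"""

def parse(text):
    stack = [{"name": None, "arg": None, "kv": {}, "subs": []}]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if line.endswith("{"):                       # "name [arg] {" opens a block
            words = line[:-1].split() + [None, None]
            node = {"name": words[0], "arg": words[1], "kv": {}, "subs": []}
            stack[-1]["subs"].append(node)
            stack.append(node)
        elif line == "}" and len(stack) > 1:
            stack.pop()
        elif "=" in line:                            # "key = value" inside the current block
            key, value = line.split("=", 1)
            stack[-1]["kv"][key.strip()] = value.strip()
    return stack[0]

def effective_policy(text, sections=("authorize", "authenticate")):
    # Assumption: a section missing from the identity block falls back to the unwrapped one.
    subs = parse(text)["subs"]
    top = {s["name"] for s in subs if s["arg"] is None}
    idents = {s["arg"]: {c["name"] for c in s["subs"]} for s in subs if s["name"] == "identity"}
    for lst in (s for s in subs if s["name"] == "listen"):
        name = lst["kv"].get("identity")
        row = {"ipaddr": lst["kv"].get("ipaddr"), "dangling": name is not None and name not in idents}
        for sec in sections:
            wrapped = sec in idents.get(name, ())
            row[sec] = f"identity {name}" if wrapped else ("global" if sec in top else None)
        yield row
```

A listener reported as dangling names an identity that does not exist, so the rules it gets are the unwrapped ones rather than the per-socket rules its configuration suggests.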