> This opens up a security hole I wish to avoid - if someone knows what > my > circuit Id's look like, and that database is used in any context where > a > user can send an id/password to authenticate that does NOT have > ADSL-Agent-Cirtcuit-Id in it, then I've created a bunch of known user > id's for the bad guys to use. I am happy having a non-default sql > database schema but I think I really need the sql lookup to be being > based on ADSL-Agent-Circuit-Id and not User-Name.
OK. You could try a few other things: Change the radcheck entry to: > > +--------+-----------+-----------------------+----+-----------+ > > | id | username | attribute | op | value | > > +--------+-----------+-----------------------+----+-----------+ > > | 226529 | adslagent | ADSL-Agent-Circuit-Id | := | adslagent | > > +--------+-----------+-----------------------+----+-----------+ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
