(RADIATOR) Adding reply- and check attributes after Access-Accept
Hugh Irvine
hugh at open.com.au
Thu Aug 8 01:05:59 CDT 2002
Hello Richard -
I think you will need to add an ACTIVE field to your database.
The ACTIVE field can be set to 24 hours in the future the first time the
account is used with an AuthSQLQuery, and the Session-Timeout reply
attribute can be set to the number of seconds remaining until that time
every time the user logs in. Your AuthSelect query can check to make
sure that the current time has not passed the ACTIVE time.
regards
Hugh
On Wednesday, August 7, 2002, at 09:26 PM, Rickard Gunnarsson wrote:
> Hi,
>
> this is my problem: I've got a number of pre-generated user accounts in
> an
> SQL-database. Whenever a user uses his account for the first time, the
> account should be valid for 24 hours. To not complicate things, we can
> assume there are no check- or reply attributes by default.
>
> My idea was to check whether a first successful authentication has
> occurred
> and if so add a reply attribute like Session-Timeout=86400 (24hrs) to
> the
> reply packet.
> I would also need to update my database to add the check attributes
> Time=[now-(now+24hrs)] and Expiration=[now+24hrs] and a reply attribute
> like Session-Timeout="until Time". This would give the correct
> behaviour for
> future authentications the following 24 hours.
>
> I intended to solve this by using the PostAuthHook, checking if the
> Session-Timout attribute was present in the reply packet to decide if
> the
> account is used for the first time, and if so adding the
> Session-Timeout to
> the reply packet and updating my database.
>
> I guess this would work, but it doesn't look as an optimal solution to
> me
> from a performance point of view.
> Anyone got an idea of a better way of solving my problem? Possibly
> using an
> SQL trigger or function called by AuthSQLStatement or something else?
>
> Regards,
>
> Rickard
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list