(RADIATOR) Adding reply- and check attributes after Access-Accept

Hugh Irvine hugh at open.com.au
Thu Aug 8 06:56:36 CDT 2002 

Hello Rickard -

What you describe is correct.

In this case it would probably make sense to chain two AuthBy SQL 
clauses together, or to use a PostAuthHook as you describe, or to write 
a stored procedure or equivalent if your database supports them.

regards

Hugh


On Thursday, August 8, 2002, at 06:39 PM, Rickard Gunnarsson wrote:

> Thanks for your reply Hugh,
>
> however, isn't it so that AuthSQLQuery (=AuthSQLStatement??) is executed
> before AuthSelect? If I use AuthSQLStatement to update my ACTIVE field, 
> I do
> not know at this point if the user authentication will be successfull,
> right? I could check all the check-attributes in the AuthSQLStatement 
> before
> updating my ACTIVE field, but then the same process would occurr twice 
> since
> the AuthSelect statement will be executed immediately after.
>
> Or did I get it all wrong?
>
> Regards,
>
> Rickard
>
>>
>> Hello Richard -
>>
>> I think you will need to add an ACTIVE field to your database.
>>
>> The ACTIVE field can be set to 24 hours in the future the first time 
>> the
>> account is used with an AuthSQLQuery, and the Session-Timeout reply
>> attribute can be set to the number of seconds remaining until that time
>> every time the user logs in. Your AuthSelect query can check to make
>> sure that the current time has not passed the ACTIVE time.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Wednesday, August 7, 2002, at 09:26 PM, Rickard Gunnarsson wrote:
>>
>>> Hi,
>>>
>>> this is my problem: I've got a number of pre-generated user accounts 
>>> in
>>> an
>>> SQL-database. Whenever a user uses his account for the first time, the
>>> account should be valid for 24 hours. To not complicate things, we can
>>> assume there are no check- or reply attributes by default.
>>>
>>> My idea was to check whether a first successful authentication has
>>> occurred
>>> and if so add a reply attribute like Session-Timeout=86400 (24hrs) to
>>> the
>>> reply packet.
>>> I would also need to update my database to add the check attributes
>>> Time=[now-(now+24hrs)]  and Expiration=[now+24hrs] and a reply 
>>> attribute
>>> like Session-Timeout="until Time". This would give the correct
>>> behaviour for
>>> future authentications the following 24 hours.
>>>
>>> I intended to solve this by using the PostAuthHook, checking if the
>>> Session-Timout attribute was present in the reply packet to decide if
>>> the
>>> account is used for the first time, and if so adding the
>>> Session-Timeout to
>>> the reply packet and updating my database.
>>>
>>> I guess this would work, but it doesn't look as an optimal solution to
>>> me
>>> from a performance point of view.
>>> Anyone got an idea of a better way of solving my problem? Possibly
>>> using an
>>> SQL trigger or function called by AuthSQLStatement or something else?
>>>
>>> Regards,
>>>
>>> Rickard
>>>
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list