(RADIATOR) IMPORTANT - Realms and Handlers explained

Hugh Irvine hugh at open.com.au
Fri Jan 11 19:53:32 CST 2002 

Hello Jeremy -

This question comes up now and again, so here is the story.

In the beginning there were only Realms and Radiator was very simple.

As time passed, people wanted to be able to do more advanced things with 
Radiator and so the more general concept of Handlers was born (of which 
Realms are a subset).

The way Radiator is structured to deal with both Realms and Handlers is as 
follows: once a radius request has been processed by a Client clause, 
Radiator looks to see if there are any Realms and if so finds a match and 
passes the request to the Realm clause. If a Realm is not found then Radiator 
looks to see if there are any Handlers and if so evaluates the list until a 
match occurs on the first Handler definition for which the criteria match.

The above processing sequence means that in most cases when people try to mix 
Realms and Handlers, the Handlers are never evaluated because the Realm(s) 
catch everything. This is why I usually suggest that Realms and Handlers 
should not be mixed in the same configuration file.

Note that it is very simple to convert Realms to Handlers:

<Realm foo.bar>

is equivalent to 

<Handler Realm = foo.bar>

The only thing to keep in mind is that the first match is the only match, so 
the more specific Handlers must appear before the more general Handlers.

Also note that the list of Handlers is evaluated in the order that they 
appear in the configuration file, and it is a good idea to have your most 
frequently hit Handlers as close to the top of the list as possible (modulo 
the above paragraph).

If you are interested in what goes on inside the code, have a look at 
"Radius/Client.pm", "Radius/Handler.pm" and "Radius/Realm.pm".

regards

Hugh


On Sat, 12 Jan 2002 12:24, jeremyb at supreme.pcug.org.au wrote:
> Hugh Irvine <hugh at open.com.au> wrote:
> <...>
>
> > Note that you should not mix Realms and Handlers in the same
> > configuration file, and more specific Handlers must appear before more
> > general Handlers.
>
> Just curious ... could you explain why "you should not mix Realms and
> Handlers in the same configuration file ..." ?
>
> Thanks,
> Jeremy

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list