(RADIATOR) AuthByPolicy and INFO messages

Hugh Irvine hugh at open.com.au
Mon Mar 11 17:46:24 CST 2002 

Hello Roland -

It is probably easiest to do what you suggest below and reverse the order of 
the AuthBy clauses. Keep in mind that the AuthBy FILE caches the file 
contents in memory at startup time, and you are only talking about a couple 
of memory lookups, so performance will not be impacted at all.

regards

Hugh


On Tue, 12 Mar 2002 00:34, Roland Rosenfeld wrote:
> Hi!
>
> I use a configuration like this:
>
> AuthByPolicy ContinueWhileReject
> <AuthBy SQL>
> ...
> </AuthBy SQL>
> <AuthBy FILE>
> ...
> </AuthBy>
>
> Nearly all of our users can be authenticated using SQL, but there are
> 3 special accounts in the FILE defined.  Not the problem is, that with
> Trace 4, the INFO records always show
>  INFO: Access rejected for <some-user-name>: No such user
> where users are defined in the SQL database, but they use wrong
> passwords.  The problem is, that ContinueWhileReject implies, that
> radiator sees the wrong password and looks for the user in the FILE,
> where he doesn't exist, which results in "No such user".
>
> But what can I do to get a "Wrong Password", when the password is
> wrong via SQL authentication and to check the <AuthBy FILE> only when
> the user does not exist in the SQL database?
>
> I don't think that it's a good idea to change the order of the two
> AuthBy sessions, because nearly all users can be authenticated via
> SQL, so the FILE part should only be asked, when the user is not found
> in SQL for performance reasons.
>
> Tschoeeee
>
>         Roland
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list