(RADIATOR) Auth only on same realm

Hugh Irvine hugh at open.com.au
Tue Feb 4 16:09:15 CST 2003


Hello Tom -

Yes. Handlers are evaluated in the order they appear in the 
configuration file with the first match being the only match.

For completeness, you should be aware that mixing Realms and Handlers 
in the same configuration file is not recommended, as Realms are 
*always* evaluated before Handlers.

regards

Hugh


On Wednesday, Feb 5, 2003, at 04:14 Australia/Melbourne, Tom Swenson 
wrote:

> Just so I understand correctly. Does the handlers work like a cisco 
> access
> list in that it will start at the top of the file and the first handler
> that matches, it is completed?
>
> Tom Swenson - CTO
> NetConX - Internet Access - Client Managed Web Database Applications
> Wireless - Virus Blocking - Spam Blocking
> tom at netconx.net 					         http://www.netconx.net
> (641) 421-4170 - Voice	(641) 423-3351 - FAX
>
> There's a better way to do it. Find it!  -  Thomas Edison
>
>
> *********** REPLY SEPARATOR  ***********
>
> On 1/31/2003 at 10:35 AM Hugh Irvine wrote:
>
>> Hello Tom -
>>
>> I don't quite understand your question sorry.
>>
>> Could you give me a bit more detail please?
>>
>> If you want usernames without realms to be treated the same way as
>> those with realms, you can add a DefaultRealm parameter to your Client
>> clauses:
>>
>> # define Client clauses
>>
>> <Client ....>
>> 	.....
>> 	DefaultRealm foo.bar
>> </Client>
>>
>> .....
>>
>> regards
>>
>> Hugh
>>
>>
>> On Friday, Jan 31, 2003, at 10:04 Australia/Melbourne, Tom Swenson
>> wrote:
>>
>>> I tried this and I think it will work, but I have to figure out a way
>>> to
>>> get the default domain in there. Is there an easier way than to put 
>>> in
>>> an
>>> identifier for every client and then a handler at the end of my
>>> domains to
>>> catch all the ones without domains?
>>>
>>> Thanks again.
>>>
>>> Tom Swenson - CTO
>>> NetConX - Internet Access - Client Managed Web Database Applications
>>> Wireless - Virus Blocking - Spam Blocking
>>> tom at netconx.net 					         http://www.netconx.net
>>> (641) 421-4170 - Voice	(641) 423-3351 - FAX
>>>
>>> Your imagination is your preview of life's coming attractions - 
>>> Albert
>>> Einstein
>>>
>>>
>>> *********** REPLY SEPARATOR  ***********
>>>
>>> On 1/31/2003 at 9:24 AM Hugh Irvine wrote:
>>>
>>>> Hello Tom -
>>>>
>>>> You should not mix Realms and Handlers in the same configuration 
>>>> file
>>>> for exactly this reason - Realms are always evaluated first.
>>>>
>>>> Change your Realms to Handlers like this:
>>>>
>>>> <Realm foo.bar>
>>>> 	.....
>>>> </Realm>
>>>>
>>>> becomes
>>>>
>>>> <Handler Realm = foo.bar>
>>>> 	.....
>>>> </Handler>
>>>>
>>>> Note that Handlers are evaluated in the order they appear in the
>>>> configuration file, so the more specific must appear before the more
>>>> general, keeping in mind that you want the most hit Handlers as 
>>>> close
>>>> to the top of the list as possible.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Friday, Jan 31, 2003, at 04:55 Australia/Melbourne, Tom Swenson
>>>> wrote:
>>>>
>>>>> I have a newsgroup server that I have told to authenticate with the
>>>>> same
>>>>> realm as my dial in customers. I created special client for this
>>>>> server
>>>>> and then put in an identifier. I thought it would then go to the
>>>>> handler I
>>>>> created to just authenticate only. No accounting or sessions. I'm
>>>>> finding
>>>>> that it is instead of going to the handler, it is going to the 
>>>>> realm.
>>>>> The
>>>>> manual says it this is how it will do this.
>>>>>
>>>>> I don't know what to do now. Here is what I have, but I don't think
>>>>> it
>>>>> ever goes to the handler. Is there anything I can specify in the
>>>>> client
>>>>> section to make it go to a specific realm or handler?
>>>>>
>>>>> <Client xx.xx.xx.xx>
>>>>>   DupInterval 0
>>>>>   IgnoreAcctSignature
>>>>>   Secret xxxxxxxxxxx
>>>>>   Identifier newsauth
>>>>> </Client>
>>>>>
>>>>> # news group authentication
>>>>> <Handler Client-Identifier=newsauth>
>>>>>   AuthBy ID_0
>>>>>   AuthByPolicy ContinueWhileIgnore
>>>>>   RewriteUsername s/^([^@]+).*/$1/
>>>>> </Handler>
>>>>>
>>>>>
>>>>> Tom Swenson - CTO
>>>>> NetConX - Internet Access - Client Managed Web Database 
>>>>> Applications
>>>>> Wireless - Virus Blocking - Spam Blocking
>>>>> tom at netconx.net 					         http://www.netconx.net
>>>>> (641) 421-4170 - Voice	(641) 423-3351 - FAX
>>>>>
>>>>> Your imagination is your preview of life's coming attractions -
>>>>> Albert
>>>>> Einstein
>>>>>
>>>>>
>>>>> ===
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>
>>>> -- 
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database 
>>>> independence.
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> -- 
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list