(RADIATOR) Groups, RewriteUsername and preserving the original request

Hugh Irvine hugh at open.com.au
Tue Apr 10 16:43:41 CDT 2007 

Hello Bjoern -

What you describe below is expected and is how Radiator is designed.  
Radiator processes RADIUS requests in a linear sequential manner, and  
when a RewriteUsername is applied it remains.

BTW - the original username is preserved in the request as well as  
the rewritten username. You can access the various parts of the  
username with the special characters as defined in section 5.2 in the  
Radiator 3.17 reference manual ("doc/ref.html").

If you want to keep the original username intact, you can use a hook  
to add an attribute to the request which contains whatever version of  
the username you require.

regards

Hugh


On 10 Apr 2007, at 18:15, Bjoern A. Zeeb wrote:

> Hi,
>
> while simplifying a config we found something that seems to be
> in Radiator by design but is not necessarily logical.
>
> Assuming one has a config like (just as an example):
>
> <Handler>
> 	<AuthBy GROUP>
>
> 		RewriteUsername tr/A-Z/a-z/
>
> 		<AuthBy ..>
> 			..
> 		</AuthBy>
> 		<AuthBy ..>
> 			..
> 		</AuthBy>
> 	</AuthBy>
>
> 	<AuthBy RADIUS>
> 		..
> 	</AuthBy>
> </Handler>
>
> The result of the RewriteUsername inside the <AuthBy GROUP> will still
> be visible in the <AuthBy RADIUS> outside the <AuthBy GROUP>.
>
> If one wants to have such a behavior one would put the RewriteUsername
> inside the handler and not at that place inside the <AuthBy GROUP>.
>
> As said that seems to be "by design" but it might be a good idea to
> change that with a major release maybe along with entirely preserving
> the "original request" as received?  (I understand that a lot of
> configs will break with the former being changed)
>
>
> Regards,
> Bjoern A. Zeeb
>
> -- 
> Dipl. Ing. (BA) Bjoern A. Zeeb          Research & Development
> CK Software GmbH                        http://www.cksoft.de/
> Schwarzwaldstr. 31                      Phone: +49 7452 889 135
> D-71131 Jettingen                       Fax: +49 7452 889 136
> HRB245288, Amtsgericht Stuttgart        Geschaeftsfuehrer:  
> Christian Kratzer
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list