[RADIATOR] Upgrade to 4.6 caused me problems

[Jethro R Binks]

I lately upgraded from an aged 3.17.1 to 4.6+patches.  Basic 
authentication was fine with virtually no config file changes (hurrah 
thankyou!), but EAP stuff has been giving me headaches.

For one thing, I had to juggle the locations of stuff like EAPType and 
EAPTLS_CAFile: I did have these set at the AuthBy GROUP level in some 
cases, but had to move them into the actual real AuthBy clauses.  Does 
that sound reasonable?  Perhaps this has something to do with it: 
"Improvements to AuthBy GROUP so that it better handles chains of 
authenticators with EAP type requests, such as LEAP, EAP-MSCHAPV2 etc. 
Reported by Jani Kariniemi."

However this bit in particular is bugging me.  I will happily accept that 
I've missed something in the release notes somewhere, but for a typical 
configuration where there are matches for the inner auth and outer auth, I 
used to have:

  <Handler Realm="strath.ac.uk", TunnelledByTTLS=1>

to match the inner auth.  This now no longer works since the upgrade: the 
handler is not matched.  This works:

  <Handler TunnelledByTTLS=1>

but now I've lost my ability to do things per-realm (I didn't need to 
though).  On the basis of that quick description, have I missed something?  
Or is there a bug?

A couple of other minor things I have noted along the way:

"Revision 4.1 (2008-02-22) Bug fixes
 ...
Reinstated support for EAPErrorReject which was accidentally lost from 
some modules."

But "EAPErrorReject" is not documented, nor does Google find any hits 
other than the release notes.

Also, I took the notion to define a GlobalVar for the location of my cert 
stuff.  Unfortunately, it seems EAPTLS_PrivateKeyFile and friends do not 
parse their argument for GlobalVars, so I couldn't do:

EAPTLS_PrivateKeyFile %{GlobalVar:CertDir}/cert-srv.pem

Thanks,

Jethro.

.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK