[RADIATOR] DefaultRealm definition
Heikki Vatiainen
hvn at open.com.au
Fri Dec 8 20:39:38 UTC 2017
On 08.12.2017 14:14, Robert Blayzor wrote:
> If you have a DefaultRealm under a client definition, at what point
> is the “Realm” attribute populated?
Please see the discussion from November:
http://lists.open.com.au/pipermail/radiator/2017-November/021057.html
To summarise: Realm is not an attribute. It is constructed from username
when it's needed for example, in Handler Realm=...
> I have a prehandler hook that looks for realmed vs non-realmed users,
> and it never appears that get_attr yields Realm populated?
Yes, that's correct. Also, if you were to add Realm attribute with
add_attr, it would still not be used with Handler Realm=... Most likely
it would make things just more complex.
> Under a client definition, if a user does not log in with a @realm,
> does the defaultRealm definition re-write the username to include
> it?
Yes, that's what happens. Username is re-written just before
PreHandlerHook is called for client.
> I have a NAS where all users do not log in with a @realm, and trying
> to determine the best way to get that realm in Prehandler hook. It
> looks like maybe looking at the username for @? The attribute
> “Realm” does not seem to get populated with what’s in defaultrealm.
PreHandlerHook should see the usernames as they were received, or if
there was no @realm, then with the @realm appended. But there will be no
Realm attribute.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
More information about the radiator
mailing list