>>>>> "Alan" == Alan DeKok <[log in to unmask]> writes:
O, cool!
We're a few weeks behind.
I am using the old one.
It "works" but I'd already run into to some issues that caused
"audit and fix rlm_sql_sqlite" to end up on my todo list.
It's great to hear that seems to have happened.
I'll rebase forward once we get a full system working.
>> We've also enhanced FreeRADIUS to query this database from the
>> server PSK callback.
Alan> That makes sense.
What we do is call radius_xlat with what's now a hard-coded string.
We insert an internal attribute with the key id into the config items as
well as looking up that key.
That way later unlang (or modules) can use the key id for various
authorization.
Long term, I think this would be reasonable if rather than hard-coding
the string to pass into radius_xlat, we add that to the tls
configuration.
It might even be reasonable to just radius_xlat the psk_hexphrase config
item.
You'd either need to set it to a single-quoted string that would be
expanded while processing the request or set it to a constant hexphrase
depending on your configuration.
Or perhaps leaving hexphrase alone and using a different config item
makes sense.
--Sam
|