Phil Mayers wrote: > On Fri, 2007-07-06 at 11:49 +0200, Alan DeKok wrote: > >> Stefan Winter wrote: >> >>> It's a long shot, but: wouldn't it make sense to clear the wording for 2.0? >>> I >>> know, it would break all existing configs out there, but manually working >>> through the config is needed anyways... >>> I know that this wording startled me quite a bit when I was new here... >>> >> It's worth doing. >> >> The problem is we can't call the post-authentication step "authorize", >> because that will confuse everyone upgrading from 1.x. >> >> I think the default configuration should be "pre-auth", "auth", and >> "post-auth". We can still accept "authorize" as a synonym for >> "pre-auth" in the short term. >> > > +1 - excellent idea > > > +1 - Makes more sense...
So proxying logic is done in pre-auth , authentication in auth , and reply formulation in post-auth... Yeah far better :) No more reply formulation for users who are going to be rejected .... + Remove post auth query from SQL module ... functionality can be replicated in unlang with minimum of fuss. so authorisation method of rlm_sql gets mapped to post-auth as well as pre-auth. Though I feel sorry for migrating users... Though this now follows the standard aaa logic, Authenticate Authorise Account, so might be less confusing for new users. --- Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html