> > Why do this? The ability to log things to sql post-auth is very useful and
> > I believe fairly widely used. What is the advantage of removing it?
>
> Right, so you wanting to authorize people in post-auth using .... then
> there's a conflict. You can't select whether you want to use the logging
> function of rlm_sql or the authorisation function.

Of course you can:

    post-auth {
        sql    # does the logging
        if (%{control:Foo-Bar}=="baz") {
            update reply {    # does the "authorization"
                Baz-Attr = %{sql:select bazattr from ...}
            }
        }
    }

In *fact* since the sql_xlat function only supports SELECT, there's no way of executing an SQL modify (insert, update, delete) using %{sql:} syntax - so you *have* to retain the sql post-auth logging function.

The unlang is nice, but let's not all lose sight of the proven, working and tested mechanisms in the server.

And while we're on the subject - let's not get caught up in some comp. sci. disagreement of what is authz versus authn. I agree that the 1.1.x terminology is very slightly confusing, and a slightly less ambiguous rename is good, but breaking working functionality at the same time is just plain wrong.