RE: (RADIATOR) GRIC Setting

Randy Cosby Thu, 21 Oct 1999 11:31:26 -0700
First a bit of the documentation (Emphasis added):

6.4.2 DefaultRealm
This optional parameter can be used to specify a default realm to use for
REQUESTS THAT DON'T ALREADY HAVE A REALM. The realm can then be used to
trigger a specific <Realm> clause. This is useful if you operate a number of
NASs for different customer groups and where all your customers log in
without specifying a realm.

# Realmless logins to this NAS will be treated
# as if they are for realm open.com.au
<Client acc1.open.com.au>
   Secret ....
   DefaultRealm open.com.au
</Client>
<Realm open.com.au>
   .....
</Realm>
----

Here's what we do:

<Client DEFAULT>
Secret  MySecret
IgnoreAcctSignature
DefaultRealm infowest.com
</Client>

So, if a user does NOT have a realm (our normal customers), we ASSIGN them
to the infowest.com realm.  In affect, it changes their login from username
to [EMAIL PROTECTED] .  One side-benefit is that all those folks who use
their email address as their login can now authenticate successfully.

I put the authentication stuff for my normal subscribers within
<Realm infowest.com>...</realm>

I then put the gric authentication lines in the <Realm DEFAULT> </realm>

The reason this works is because EVERY user will either be
[EMAIL PROTECTED] or [EMAIL PROTECTED]

All the @infowest.com goes through the <realm infowest.com>, all the others
through <realm Default> to be  authenticated by GRIC.

Hope that clears it up for you :)

Randy

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
> Behalf Of Ferhat Dilman
> Sent: Thursday, October 21, 1999 7:55 AM
> To: [EMAIL PROTECTED]
> Cc: Lutfi YUNUSOGLU
> Subject: (RADIATOR) GRIC Setting
>
>
> Hi,
>
> In radiator configuration manual, the GRIC setting part, it
> assumes that all
> local users are connecting using a REALM something (in the manual:
> open.com.au) and the rest is ASSUMED to be GRIC user.
>
> However in our case we don't use a REALM at all. How will I define GRIC
> since all GRIC users use different foreign realms.
>
> The only solution came to my  mind is to use multiple AUTH BY clauses in
> REALM DEFAULT using AUTHBY GROUP. However this will cause a very long
> delayed rejection messages to our local users since they will
> first try the
> local server, then will try GRIC server. Not acceptable I
> suppose. GRIC will
> also receive many wrong user authentication requests.
>
> Any solution or idea?
>
> Thanks,
>
> Ferhat
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) GRIC Setting

Reply via email to
