auto-expiring accounts w/ FreeRadius
Hi, I've been asked to set up an authentication system with automatically expiring user access ... so, once the user first loggs in, and a certain time (like e.g. 24 hours) goes by, the account is supposed to be deleted. I recon based on MySQL authentication this should be possible with FreeRadius ... can FreeRadius be configured to store a first used timestamp with an authentication entry? That way, setting up an SQL script that regularly purges the old, used entries would be easy ... Tnx, -garry - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: auto-expiring accounts w/ FreeRadius
Hi, I've been asked to set up an authentication system with automatically expiring user access ... so, once the user first loggs in, and a certain time (like e.g. 24 hours) goes by, the account is supposed to be deleted. I recon based on MySQL authentication this should be possible with FreeRadius ... can FreeRadius be configured to store a first used timestamp with an authentication entry? That way, setting up an SQL script that regularly purges the old, used entries would be easy ... if you want to, FR logs every Access-Accept. So, finding the first usage is as easy as writing an SQL query that retrieves the first Access-Accept for the user. You can base your script to delete entries upon that. Stefan Winter -- Stefan WINTER RESTENA Foundation - Réseau Téléinformatique de l'Education Nationale et de la Recherche RD Engineer 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg email: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: auto-expiring accounts w/ FreeRadius
On Thu 02 Mar 2006 10:06, Stefan Winter wrote: Hi, I've been asked to set up an authentication system with automatically expiring user access ... so, once the user first loggs in, and a certain time (like e.g. 24 hours) goes by, the account is supposed to be deleted. I recon based on MySQL authentication this should be possible with FreeRadius ... can FreeRadius be configured to store a first used timestamp with an authentication entry? That way, setting up an SQL script that regularly purges the old, used entries would be easy ... if you want to, FR logs every Access-Accept. So, finding the first usage is as easy as writing an SQL query that retrieves the first Access-Accept for the user. You can base your script to delete entries upon that. Another way to do this is to have a database trigger on accounting (or Auth) requests which update your authentication table, and include a WHERE date() - stardate 24 HOURS::INTERVAL (or something to that effect) in your auth queries. That query is _probably_ correct for Postgresql. You will of course have to modify it for other databases. The advantage of this method is that you dont need to purge anything or run any cron scripts. Everything is handled automatically by the database.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgphT4yIzLZXr.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html