NAME
rlm_realm - FreeRADIUS Module
DESCRIPTION
The rlm_realm module parses the User-Name attribute into a User section
and a Realm section. This is used primarily in a proxy situation,
however, Realms can also be used locally to provide different service
profiles based on the Realm being used.
The main configuration items to be aware of are:
format This can be either ’prefix’ or ’suffix’. It specifies whether
the Realm is before or after the User portion in the User-Name
string.
delimiter
A single character in quotes, which is used as the delimiting
character that separates the Realm and User sections of the
string.
ignore_default
This is set to either ’yes’ or ’no’. If set to ’yes’, this will
prevent the module instance from matching a realm against the
DEFAULT entry. This may be useful if you have multiple realm
module instances. The default is ’no’.
ignore_null
This is set to either ’yes’ or ’no’. If set to ’yes’, this will
prevent the module instance from matching a realm against the
NULL entry. This may be useful if you have multiple realm
module instances. The default is ’no’.
This module parses the realm from the User-Name attrbiute according to
the instance configuration, and then performs a lookup to find a
matching realm in the ’/etc/raddb/proxy.conf’ file. Depending on the
configuration of the Realm as matched in the file, the username may be
rewritten in a ’stripped’ format, or with the Realm portion removed.
In either case, a Realm attribute is created and added to the packet on
a match, which can be used by other modules.
CONFIGURATION
modules {
... stuff here ...
# useranme@realm syntax
realm suffix {
format = suffix
delimiter = "@"
}
# realm/username syntax
realm prefix {
format = prefix
delimiter = "/"
}
... stuff here ...
}
SECTIONS
authorization, pre-accounting
FILES
/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf
SEE ALSO
radiusd(8), radiusd.conf(5), proxy.conf(5)
AUTHORS
Chris Parker, cparker@segv.org
14 March 2004 rlm_realm(5)