rlm_realm - Man Page

The rlm_realm module parses the User-Name attribute into a User section and a Realm section.  This is used primarily in a proxy situation, however, Realms can also be used locally to provide different service profiles based on the Realm being used.

The main configuration items to be aware of are:

format

This can be either 'prefix' or 'suffix'.  It specifies whether the Realm is before or after the User portion in the User-Name string.

delimiter

A single character in quotes, which is used as the delimiting character that separates the Realm and User sections of the string.

ignore_default

This is set to either 'yes' or 'no'.  If set to 'yes', this will  prevent the module instance from matching a realm against the DEFAULT entry.  This may be useful if you have multiple realm module instances. The default is 'no'.

ignore_null

This is set to either 'yes' or 'no'.  If set to 'yes', this will  prevent the module instance from matching a realm against the NULL entry.  This may be useful if you have multiple realm module instances. The default is 'no'.

This module parses the realm from the User-Name attribute according to the instance configuration, and then performs a lookup to find a matching realm in the '/etc/raddb/proxy.conf' file.  Depending on the configuration of the Realm as matched in the file, the username may be rewritten in a 'stripped' format, or with the Realm portion removed.  In either case, a Realm attribute is created and added to the packet on a match, which can be used by other modules.

modules {
  ... stuff here ...
  # useranme@realm syntax
  realm suffix {
    format = suffix
    delimiter = "@"
  }
   # realm/username syntax
   realm prefix {
    format = prefix
    delimiter = "/"
  }
  ... stuff here ...
}

authorization, pre-accounting

/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf

radiusd(8), radiusd.conf(5), proxy.conf(5)

Chris Parker, cparker@segv.org