rlm_realm(5) FreeRADIUS Module rlm_realm(5)NAMErlm_realm - FreeRADIUS Module
DESCRIPTION
The rlm_realm module parses the User-Name attribute into a User section
and a Realm section. This is used primarily in a proxy situation, how‐
ever, Realms can also be used locally to provide different service pro‐
files based on the Realm being used.
The main configuration items to be aware of are:
format This can be either 'prefix' or 'suffix'. It specifies whether
the Realm is before or after the User portion in the User-Name
string.
delimiter
A single character in quotes, which is used as the delimiting
character that separates the Realm and User sections of the
string.
ignore_default
This is set to either 'yes' or 'no'. If set to 'yes', this will
prevent the module instance from matching a realm against the
DEFAULT entry. This may be useful if you have multiple realm
module instances. The default is 'no'.
ignore_null
This is set to either 'yes' or 'no'. If set to 'yes', this will
prevent the module instance from matching a realm against the
NULL entry. This may be useful if you have multiple realm mod‐
ule instances. The default is 'no'.
This module parses the realm from the User-Name attrbiute according to
the instance configuration, and then performs a lookup to find a match‐
ing realm in the '/etc/raddb/proxy.conf' file. Depending on the con‐
figuration of the Realm as matched in the file, the username may be
rewritten in a 'stripped' format, or with the Realm portion removed.
In either case, a Realm attribute is created and added to the packet on
a match, which can be used by other modules.
CONFIGURATION
modules {
... stuff here ...
# useranme@realm syntax
realm suffix {
format = suffix
delimiter = "@"
}
# realm/username syntax
realm prefix {
format = prefix
delimiter = "/"
}
... stuff here ...
}
SECTIONS
authorization, pre-accounting
FILES
/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf
SEE ALSOradiusd(8), radiusd.conf(5), proxy.conf(5)AUTHORS
Chris Parker, cparker@segv.org
14 March 2004 rlm_realm(5)