Juha Heinanen wrote:
Martin Hoffmann writes:
My plan was to eventually start a branch of my own in git. Haven't gotten round to it yet.
i would do it so that if www or proxy_authorize function returns -4 (stale nonce) then i would call www or proxy_challenge with stale flag on. it would then cause stale=true to be added to the header.
That would be an option, too, but IMHO it makes the whole authorization bit in the config unnecessarily messy.
why is that? i now have,
if (!radius_proxy_authorize("$var(uri_domain)", "$var(uri_user)")) { switch ($rc) { ... case -4: xlog("L_INFO", "$rm <$ru> by <$var(uri)> has stale nonce\n"); www_challenge("$td", "1"); exit;the only thing i would need to change is www_challenge flag parameter value from "1" to "9".
Right. I can live with that. But just to illustrate my point, here is how my authentication part looks:
if (!proxy_authorize("$fd", "subcriber") { proxy_challenge("$fd", "9"); drop; }
I don't really see any reason why I would want the switch and cases when proxy_challenge() magically does what I want.
so i propose adding this:
+ 8 - build challenge header with stale=trueit would be a simple, fully backwards compatible new feature.
Okay. That would be a completely different albeit much simpler patch than mine.
Regards, Martin