1rlm_realm(5)                   FreeRADIUS Module                  rlm_realm(5)
2
3
4

NAME

6       rlm_realm - FreeRADIUS Module
7

DESCRIPTION

9       The rlm_realm module parses the User-Name attribute into a User section
10       and a Realm section.  This is used primarily in a proxy situation, how‐
11       ever, Realms can also be used locally to provide different service pro‐
12       files based on the Realm being used.
13
14       The main configuration items to be aware of are:
15
16       format This can be either 'prefix' or 'suffix'.  It  specifies  whether
17              the  Realm  is before or after the User portion in the User-Name
18              string.
19
20       delimiter
21              A single character in quotes, which is used  as  the  delimiting
22              character  that  separates  the  Realm  and User sections of the
23              string.
24
25       ignore_default
26              This is set to either 'yes' or 'no'.  If set to 'yes', this will
27              prevent  the  module  instance from matching a realm against the
28              DEFAULT entry.  This may be useful if you  have  multiple  realm
29              module instances.  The default is 'no'.
30
31       ignore_null
32              This is set to either 'yes' or 'no'.  If set to 'yes', this will
33              prevent the module instance from matching a  realm  against  the
34              NULL  entry.  This may be useful if you have multiple realm mod‐
35              ule instances.  The default is 'no'.
36
37       This module parses the realm from the User-Name attrbiute according  to
38       the instance configuration, and then performs a lookup to find a match‐
39       ing realm in the '/etc/raddb/proxy.conf' file.  Depending on  the  con‐
40       figuration  of  the  Realm  as matched in the file, the username may be
41       rewritten in a 'stripped' format, or with the  Realm  portion  removed.
42       In either case, a Realm attribute is created and added to the packet on
43       a match, which can be used by other modules.
44
45       In order to force proxying for a request,  set  the  Proxy-To-Realm  :=
46       "realm-name" in the users file, or in a database such as SQL.
47

CONFIGURATION

49       modules {
50         ... stuff here ...
51         # useranme@realm syntax
52         realm suffix {
53           format = suffix
54           delimiter = "@"
55         }
56          # realm/username syntax
57          realm prefix {
58           format = prefix
59           delimiter = "/"
60         }
61         ... stuff here ...
62       }
63

SECTIONS

65       authorization, pre-accounting
66

FILES

68       /etc/raddb/radiusd.conf, /etc/raddb/proxy.conf
69

SEE ALSO

71       radiusd(8), radiusd.conf(5), proxy.conf(5)
72

AUTHORS

74       Chris Parker, cparker@segv.org
75
76
77
78                                  19 May 2006                     rlm_realm(5)