gorhamc
commented
4 years ago @bontibon would you mind taking a look and letting me know your thoughts?
Closed gorhamc closed 1 year ago
gorhamc
commented
4 years ago @bontibon would you mind taking a look and letting me know your thoughts?
ghost
commented
4 years ago @gorhamc Thanks for the implementation. I'm currently exploring a middleware-based approach to server request handling, which would allow for more customization in the secret handling. I'll ping you when I have something to review.
sneakywombat
commented
4 years ago @bontibon would you mind making another branch so we could follow along? I'd love to watch progress. I assume this will be a breaking change as well.
This PR is in response to Issue #82 .
Summary: These changes add another method of determining a secret to use for an incoming radius packet, without modifying the existing behavior of SecretSource interface. Relying on Remote Address is sadly really painful to do in my current employer's environment. It is much easier for us to rely on NAS-Identifier information, or possibly other attributes.
My goal with the first attempt at this was to not cause any breaking changes to the existing SecretSource interface. I'm open to any suggestion on how to do this differently. It is probably a bit cleaner to just extend the existing SecretSource method to also accept the wire format bytes, but I wasn't sure how you would feel about a breaking change like that.