3.37.3. AuthColumnDef Previous topic Parent topic Child topic Next topic

This optional parameter allows you to change the way Radiator interprets the result of the AuthSelect statement. If you do not specify any AuthColumnDef parameters, Radiator assumes that the first column returned is the password; the second is the check items (if any) and the third is the reply items (if any). If you specify any AuthColumnDef parameters, Radiator uses the column definitions you provide.
AuthColumnDef ignores the returned columns if their value is one of the following:
  • NULL
  • Empty value
  • Single NULL octet value
You can specify any number of AuthColumnDef parameters, one for each interesting field returned by AuthSelect. The general format is:
AuthColumnDef n, attributename, type[, formatted]
  • n is the index of the field in the result of AuthSelect. 0 is the first field.
  • attributename is the name of the attribute to be checked or replied. The value of the attribute is in the nth field of the result. The special attributename "GENERIC" indicates that it is a list of comma separated attribute=value pairs.
  • type indicates whether it is a check or reply item. A type of "request" sets the named attribute in the incoming request, from where it can be retrieved later in the authentication process with special formatting characters.
  • formatted, if this keyword is present, the value retrieved from the database is subject to special character processing before its value is used, and can therefore contain %{something} forms which are replaced at authentication time.

Example

The standard default AuthSelect statement is:
AuthSelect select PASSWORD from SUBSCRIBERS \
      where USERNAME=%0
This returns a single plain text password check item. The result can be interpreted with:
AuthColumnDef 0, User-Password, check

Example

Here is a more complicated AuthSelect statement:
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
      from SUBSCRIBERS \
      where USERNAME=%0
The previous example returns 3 fields in the result. The first is a plain text password, the second is a string of check items like "Service-Type=Framed-User, Expiration="Feb 2 1999"", and the third field is a string of reply items like "Framed-Protocol=PPP,Framed-IP-Netmask = 255.255.255.0,...." . The result can be interpreted with:
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
Note
If your PASSWORD column contains a Unix encrypted password and you are using AuthColumnDef, you need to set it like this:
AuthColumnDef 0, Encrypted-Password, check

Example

Here is an example AuthSelect statement:
AuthSelect select SERVICE, PASSWORD, MAXTIME 
      from SUBSCRIBERS \
      where USERNAME=%0
This returns 3 fields in the result. The first is a Service-Type to check, the next is a plain text password and the last is the number of seconds to send back in Session-Timeout. The result can be interpreted with:
AuthColumnDef 0, Service-Type, check, formatted
AuthColumnDef 1, User-Password, check
AuthColumnDef 2, Session-Timeout, reply
In this example, column 0 is interpreted for special characters before being used as a check item for the Service-Type parameter.

Example

Here is an example of using NULL values for customising user authorisation:
AuthColumnDef 1, NAS-IP-Address, check
AuthColumnDef 2, Framed-IP-Address, reply
This allows you to restrict certain users so that they can only log in from a certain NAS. The unrestricted users have column 1 set to NULL. Likewise, users with static IP address have non-NULL value in column 2.