This optional parameter allows you to change the way Radiator
interprets the result of the AuthSelect statement. If you do not specify
any AuthColumnDef parameters, Radiator assumes that
the first column returned is the password; the second is the check items
(if any) and the third is the reply items (if any). If you specify any
AuthColumnDef parameters, Radiator uses the column
definitions you provide.
AuthColumnDef ignores
the returned columns if their value is one of the following:
- NULL
- Empty value
- Single NULL octet value
You can specify any number of AuthColumnDef
parameters, one for each interesting field returned by AuthSelect. The
general format is:
AuthColumnDef n, attributename, type[, formatted]
n is the index of the field in the result of
AuthSelect. 0 is the first field.attributename is the name of the attribute to
be checked or replied. The value of the attribute is in the nth field
of the result. The special attributename
"GENERIC" indicates that it is a list of comma separated
attribute=value pairs.type indicates whether it is a
check or reply item. A type
of request sets the named attribute in the
incoming request, from where it can be retrieved later in the
authentication process with special formatting characters.formatted, if this keyword is present, the
value retrieved from the database is subject to special character
processing before its value is used, and can therefore contain
%{something} forms which are replaced at
authentication time. Reply items values are always formatted when they
are added to a reply. Therefore there is typically no need to use this
flag when the type is reply.
Example
The standard default AuthSelect statement is:
AuthSelect select PASSWORD from SUBSCRIBERS \
where USERNAME=%0
This returns a single plain text
password check item. The result can be interpreted with:
AuthColumnDef 0, User-Password, check
Example
Here is a more complicated AuthSelect
statement:
AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \
from SUBSCRIBERS \
where USERNAME=%0
The previous example returns 3 fields in
the result. The first is a plain text password, the second is a string of
check items like "Service-Type=Framed-User, Expiration="Feb 2 1999"", and
the third field is a string of reply items like
"Framed-Protocol=PPP,Framed-IP-Netmask =
255.255.255.0,OSC-Timestamp=%t,....". Special %-formats are expanded when
a reply is constructed. This applies to all attributes, including those
have special name "GENERIC". The result can be interpreted
with:
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, GENERIC, check
AuthColumnDef 2, GENERIC, reply
Note
If your PASSWORD column
contains a Unix encrypted password and you are using
AuthColumnDef, you need to set it like
this:
AuthColumnDef 0, Encrypted-Password, check
Example
Here is an example AuthSelect statement:
AuthSelect select SERVICE, PASSWORD, MAXTIME
from SUBSCRIBERS \
where USERNAME=%0
This returns 3 fields in the result. The
first is a Service-Type to check, the next is a plain text password and
the last is the number of seconds to send back in Session-Timeout. The
result can be interpreted with:
AuthColumnDef 0, Service-Type, check, formatted
AuthColumnDef 1, User-Password, check
AuthColumnDef 2, Session-Timeout, reply
In this example, column
0 is interpreted for special characters before being used as a check item
for the Service-Type parameter.
Example
Here is an example of using NULL values for customising user
authorisation:
AuthColumnDef 1, NAS-IP-Address, check
AuthColumnDef 2, Framed-IP-Address, reply
This allows you to
restrict certain users so that they can only log in from a certain NAS.
The unrestricted users have column 1 set to NULL. Likewise, users with
static IP address have non-NULL value in column 2.
