This document is a Mac OS X manual page. Manual pages are a command-line technology for providing documentation. You can view these manual pages locally using the man(1) command. These manual pages come from many different sources, and thus, have a variety of writing styles.

This manual page is associated with Mac OS X Server. It is not available on standard Mac OS X (client) installations.

For more information about the manual page format, see the manual page for manpages(5).

rlm_realm(5)                                  FreeRADIUS Module                                 rlm_realm(5)



NAME
       rlm_realm - FreeRADIUS Module

DESCRIPTION
       The rlm_realm module parses the User-Name attribute into a User section and a Realm section.  This is
       used primarily in a proxy situation, however, Realms can also be used locally  to  provide  different
       service profiles based on the Realm being used.

       The main configuration items to be aware of are:

       format This  can  be  either 'prefix' or 'suffix'.  It specifies whether the Realm is before or after
              the User portion in the User-Name string.

       delimiter
              A single character in quotes, which is used as the delimiting  character  that  separates  the
              Realm and User sections of the string.

       ignore_default
              This  is  set to either 'yes' or 'no'.  If set to 'yes', this will prevent the module instance
              from matching a realm against the DEFAULT entry.  This may be  useful  if  you  have  multiple
              realm module instances.  The default is 'no'.

       ignore_null
              This  is  set to either 'yes' or 'no'.  If set to 'yes', this will prevent the module instance
              from matching a realm against the NULL entry.  This may be useful if you have  multiple  realm
              module instances.  The default is 'no'.

       This  module  parses  the realm from the User-Name attrbiute according to the instance configuration,
       and then performs a lookup to find a matching realm in the '/etc/raddb/proxy.conf'  file.   Depending
       on  the  configuration  of  the  Realm  as  matched  in  the file, the username may be rewritten in a
       'stripped' format, or with the Realm portion removed.  In either case, a Realm attribute  is  created
       and added to the packet on a match, which can be used by other modules.

       In  order  to force proxying for a request, set the Proxy-To-Realm := "realm-name" in the users file,
       or in a database such as SQL.

CONFIGURATION
       modules {
         ... stuff here ...
         # useranme@realm syntax
         realm suffix {
           format = suffix
           delimiter = "@"
         }
          # realm/username syntax
          realm prefix {
           format = prefix
           delimiter = "/"
         }
         ... stuff here ...
       }


SECTIONS
       authorization, pre-accounting


FILES
       /etc/raddb/radiusd.conf, /etc/raddb/proxy.conf


SEE ALSO
       radiusd(8), radiusd.conf(5), proxy.conf(5)

AUTHORS
       Chris Parker, cparker@segv.org



                                                 19 May 2006                                    rlm_realm(5)