Re: [radsecproxy] F-Ticks VISINST default
28 Jun
2016
28 Jun
'16
11:55 p.m.
Hi Fabian
On 2016-06-28 15:40, Fabian Mauchle wrote:
On 28/06/16 07:27, Zenon Mousmoulas wrote:
You are absolutely right.
I was somehow hoping that radsecproxy would fall back to using
Operator-Name if fticksVISINST is not set, and then perhaps fall back to
client block name. I have now understood this is unfortunately not an
option.
It would also not make sense to sacrifice logging VISINST, switching
from FTicksReporting Full to Basic, just for some outlier cases, such as
the particular client.
Thanks,
Z.
If a client has no fticksVISINST set, this means
radsecproxy will log
the client name instead.
Yes that is intended and also stated in the
documentation.
However that may not be a valid operator-name
(1<domain>) and it
probably won't convey anything meaningful: if you don't set
fticksVISINST you probably expect requests from different operators
to be proxied through that client.
The f-ticks does not require the VISINST to
conform to the
operator-name format. It's basically free-text hand has no further
meaning (see Geant deliverable DJ3.1.2,1: Roaming Developments). You
can either send f-ticks in a short format (just the VISCOUNTRY) or in
a long format (including the VISINST). Which one to use is set by the
global option FTicksReporting (None, Basic or Full).
If the Operator-Name attribute value won't be
used in the absence of
fticksVISINST, then I guess it would be better to have an empty
VISINST (not sure if that would be valid).
No, it wouldn't. The only option
would be to use the short format (see
above).