Realm-Types
Realms
A Realm describes a administrative group of users. (Realm heißt auf deutsch Königreich,Bereich).
A full Username user@realm is a composition of the user in the Realm and the realmname realm.
Technical a Realm have nothing to do with a Internet-(Sub)domain, but is
the same concept. It may be a good idea to choose the same names for domain
and realms. So a full Username would be a E-Mail-Adress to.
Some ideas for using different Realms:
- A Customer or a Reseller have many Dialin-Accounts and wants a seperate Bill
This may be a teleworking (virtuell) firm or a Computerassocation.
- Different Groups with different rights are possible.
Perhaps you want to seperate the privat customors from your comercial clients, to give the comercial Customers global IP-Adresses and privat people local
IP-Addresses only.
- Perhaps you have many POPs and you want to give each Customor the
posibility to dail in always in the nearest POP when he is travelling.
So each POP is a seperate Realm and you could make a caching-Realm.
I have adapted the Realm-Idea form the Merit-Radiusd.
The Realms are configured in the realms-Descriptionfile.
Realm-Types
While realms are organizational entities, realm-types are Moduls in the
Radiusdaemon. On a site, each realm has a realmtype. (But different sites,
a realm has different realmtyps: On a primary-Site, it has a Database-Realmtype,
on the others it is a caching-type).
We are flexible to implement a realmtype. So we can integrate different databases in different Realmtypes. We can implement calculations, different Autorisationschemes and complicated Databasequeries and so on.
Description of the different Realms
- Berkley-DB-Realm (now http://www.sleepycat.com/db/)
is a simple Realm.
- The gdbm-Realm nearly the same, only with an other Hash-Implementation.
(Remark: There are relicts in the Sources, but currently not more full
implemented, because the Berkley-DB is really better)
- Caching-Realm implements a Proxy-Radiusd. When
a authorisationrecord is not in the Cache, a other Radiusd is asked.
- In the ADABAS-Realm a table in a ADABAS-Database from SAP keeps the Autorisation-Records. (This realmtyp is commerical, that means, I want money from you, because you must have a complex organisation to need that. When you have a complex organisation, you earn a lot of money with my software. So you can give me a bit from that. OK ?)
Rudolf Weber
Informatik- und Netzwerkverein Ravensburg e.V