
Realms

Dirk van der Walt

Introduction

Realms are used as a means to group Permanent Users and Vouchers. This means that each Permanent User or Voucher on RADIUSdesk will belong to a Realm.


Realm types

Realms in RADIUSdesk can be divided into two groups:

  • Local realms
  • Advanced realms

Local Realms

  • Each Permanent User and Voucher will belong to a local realm.
  • Traditionally, under the conventions of the RADIUS protocol, a username ends with a special delimiter character followed by a suffix.
  • The suffix will then be the name of the realm, e.g. with john.smith@ri the value of the realm is ri.

A more flexible way

  • RADIUSdesk allows for a user to have any username and still belong to a realm.
  • This is handy where permanent users can, for instance, use their Gmail username, thus waiving the imposed suffix restriction, e.g. john.smith@gmail.com instead of john.smith@ri.
  • This also makes it easy for a user to move between realms without the need for their username to change.
  • You are however still free to make use of the traditional naming convention imposed by RADIUS when defining a user that belongs to a realm.

Advanced Realms

  • This feature is still under development. When it is complete, it will allow you to declare certain Realms which will be forwarded to downstream RADIUS servers.
  • This is very handy when you are joining a set-up like Eduroam.

Public and private Local Realms

  • When you add a realm, you have to select an Access Provider which will become the owner of the realm.
  • You also have an option to make the realm available to sub-providers.
  • If a realm is flagged to be available to sub-providers, any Access Provider that is a sibling to the owner of the realm will be allowed the opportunity to manage Permanent Users and Vouchers belonging to this public realm.
  • Notice the emphasis on opportunity, since each sub-provider must first be specifically assigned to a realm before they can manage Permanent Users and Vouchers belonging to this realm.
  • If a realm is flagged NOT to be available to sub-providers, the realm will only be available to the owner of the realm, making it private.
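
The rules above amount to a two-condition access check: the public flag and an explicit assignment must both hold. The following is an added sketch of that check, not RADIUSdesk's own code; the `Realm` class, its field names, the `SUB_PROVIDERS` mapping and the function names are all hypothetical, and the provider hierarchy is constructed sample data.

```python
from dataclasses import dataclass, field

# Constructed sample hierarchy (assumption): owner -> its sub-providers.
SUB_PROVIDERS = {"root_ap": {"branch_a", "branch_b"}}

@dataclass
class Realm:
    name: str
    owner: str                                  # Access Provider that owns the realm
    available_to_sub_providers: bool = False    # False = private realm
    assigned: set = field(default_factory=set)  # sub-providers explicitly assigned

def is_sub_provider(ap, realm, hierarchy=SUB_PROVIDERS):
    return ap in hierarchy.get(realm.owner, set())

def assign(ap, realm, hierarchy=SUB_PROVIDERS):
    """Explicitly assign a sub-provider to a public realm; refuse anything else."""
    if not realm.available_to_sub_providers:
        raise PermissionError(f"{realm.name} is private to {realm.owner}")
    if not is_sub_provider(ap, realm, hierarchy):
        raise PermissionError(f"{ap} is not a sub-provider of {realm.owner}")
    realm.assigned.add(ap)

def can_manage(ap, realm, hierarchy=SUB_PROVIDERS):
    """May `ap` manage Permanent Users and Vouchers belonging to `realm`?"""
    if ap == realm.owner:
        return True
    if not realm.available_to_sub_providers:
        return False  # private: owner only, even if an old assignment remains
    # The public flag only gives the opportunity; assignment grants access.
    return is_sub_provider(ap, realm, hierarchy) and ap in realm.assigned

if __name__ == "__main__":
    ri = Realm("ri", owner="root_ap", available_to_sub_providers=True)
    print(can_manage("branch_a", ri))        # public flag alone
    assign("branch_a", ri)
    print(can_manage("branch_a", ri), can_manage("branch_b", ri))
    ri.available_to_sub_providers = False    # realm made private again
    print(can_manage("branch_a", ri), can_manage("root_ap", ri))
```

Checking the flag before the assignment list means a realm switched back to private stops honouring earlier assignments without anyone having to clean them up.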