opnsense
net/freeradius: multiple Cisco-AV-Pair with the same name
Important notices Before you add a new report, we ask you kindly to acknowledge the following:
- [X] I have read the contributing guide lines at https://github.com/opnsense/plugins/blob/master/CONTRIBUTING.md
- [X] I have searched the existing issues, open and closed, and I'm convinced that mine is new.
- [X] When the request is meant for an existing plugin, I've added its name to the title.
Is your feature request related to a problem? Please describe.
The Cisco-AV-Pair feature (introduced in the pull-request #1619 ) allows appending useful configuration to a response for a user authentication request (e.g., the famous shell:priv-lvl=15 for privileged access). Although these items can be configured per-user, there is no way to distinguish between two "av-pairs" with the same "name".
The situation is the following: suppose you have multiple users, and you want to give different values for the same av-pair to different users (e.g., bob has shell:priv-lvl=15 and alice has shell:priv-lvl=1). Currently, even if you can create multiple av-pairs with the same name (and different value), you can't distinguish them when configuring/adding the user.
Describe the solution you'd like
I would like to have a way to distinguish av-pairs with the same name and different content (e.g., by putting the entire av-pair name=value in the select box for the user, or by allowing the user to specify an actual name when creating the pair).
Additional context n/a
