exec external script on successful proxy authentication

Garber, Neal Neal.Garber at energyeast.com
Fri Oct 27 20:29:51 CEST 2006


> you are saying that it is possible to put the "exec" module into this
> stage?  

Well, under the heading "I'd rather teach you to fish than give you
a fish", you can determine this by looking at the source.  If you
look at the bottom of src/modules/rlm_exec.c, you'll find:

module_t rlm_exec = {
  "exec",       /* Name */
  RLM_TYPE_THREAD_SAFE,   /* type */
  NULL,       /* initialization */
  exec_instantiate,   /* instantiation */
  {
    exec_dispatch,    /* authentication */
    exec_dispatch,          /* authorization */
    exec_dispatch,    /* pre-accounting */
    exec_dispatch,    /* accounting */
    NULL,     /* check simul */
    exec_dispatch,    /* pre-proxy */
    exec_dispatch,    /* post-proxy */
    exec_dispatch   /* post-auth */
  },
  exec_detach,      /* detach */
  NULL,       /* destroy */
};

This indicates that post-proxy and post-auth are valid for rlm_exec.
If you do the same for rlm_files.c, you'll see NULL for post-proxy
and post-auth.  So, files does nothing in these stages.

> If this is so, what is the syntax?  In the other places exec
> module was used from the users file with something like

Read radiusd.conf.  You would define the module and then use it 
in the post-proxy or post-auth section of that file.





More information about the Freeradius-Users mailing list