Re: Auth-Test accounts in "users" file

[James McOrmond <jamesm@xandros.com>]

Alan DeKok wrote:
> James McOrmond wrote:
>   
> > Is it possible/appropriate to have some test accounts in the "users"
> > file, along with an Auth-Type set to which auth type this account can be
> > used for?
> >     
>
>   Yes.  But don't set Auth-Type.  Please.
>   
you seem to have a real issue with it :-)

> > We're testing a client that we're building (based on wpa_supplicant on
> > linux), so would like to confirm the different auth methods are actually
> > connecting as configured.
> >     
>
>   I would say to use 2.0.  The new "unlang" policy language makes this
> much easier.
>
>   
> > I was thinking something like:
> >
> > test-pap   Auth-Type = PAP, User-Password := "pap-test"
> > test-chap Auth-Type = CHAP, User-Password := "chap-test"
> >     
>
>   Or...
>
>  if (User-Name == "test-pap") {
> 	if (User-Password)  {
> 		update control {
> 			Cleartext-Password := "pap-test"
> 		}
>         }
> 	else {
> 		# test failed, do something...
> 		reject
> 	}
>  }
>
>
>   It's a lot more verbose, but also a lot clearer, I think.
>   
I specifically want the test-pap account to fail if the authentication 
method used is anything but pap.  I don't see that restriction here.


--
James A. McOrmond (jamesm@xandros.com)
Network Administrator
Xandros Corporation, Ottawa, Canada.
Morpheus: ...after a century of war I remember that which matters most:
*We are still HERE!*