Digest authentication and perl authorization

tnt at kalik.net tnt at kalik.net
Mon Jan 5 17:23:06 CET 2009


>I am thinking in something like this:
>
>- Radius client (b2bua) sends an access-request with Service_type =
>"Authorize-Only"
>- Adding perl module to authorization section.
>- In authorize function of perl module check if the balance is enough
>to make the call. if yes add an attribute to the reply with granted
>credit time and return return RLM_MODULE_OK. If no, return
>RLM_MODULE_REJECT.
>

That can work. As long as radius client understands that Service-Type.

>My questions are: how is the best way of making authorization without
>authentication?
>

The way you described it.

>- Should perl module set Auth-Type := Accept if the user is authorized?
>

Yes.

>- What should I need to add in the users file for this to work,
>something like this?
>
>DEFAULT Auth-Type := Accept, Service-Type == "Authorize-Only"
>

No nedd. perl can do it all. It can add Service-Type to reply as well.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list