Password Policies?

[Alan DeKok]

Justin Steward wrote:
> That's not a problem as I'll be extending the client application to add
> in the password policy mechanisms, I can force it to behave however I
> want (almost). How would I go about configuring radius to send an
> expired message? Ideally the message would form part of an access-reject
> statement.

  Then it has to go into a Reply-Message attribute.

  Unless you're doing EAP.  In which case you have to extend the EAP
authentication method to handle sending messages inside of EAP.

  Alan DeKok.