Authorization with Client PAM Library
Fajar A. Nugraha
list at fajar.net
Wed Oct 12 17:34:55 CEST 2011
On Wed, Oct 12, 2011 at 10:02 PM, Evan Huus <eapache at gmail.com> wrote:
> The authentication part has been very simple thanks to the
> pam_radius_auth PAM module (I'm using the latest version: 1.3.17).
> Authorization has not been as simple.
what permission is that?
> The best solution I've come up with has pam_radius_auth forwarding the
> Access-Accept messages to a configurable port on the local machine.
> Our daemon can then listen on that port and extract the data it needs.
> This solution is very ugly, and I'm hoping that there's a better way
> I'm just not aware of.
> Any suggestions or information you can provide are very much appreciated.
If it's simple informations traditionally available on /etc/passwd and
such, you might have better luck hacking one of the available libnss-*
to create libnss-radius.
More information about the Freeradius-Users