I have a Linux L system in which the password authentication is carried out against a remote RADIUS server R by means of PAM in L. This works as expected, but I would like to use this mechanism to do authorization chores, besides the authentication ones. As part of a successful authentication, R will send back to L (in addition to the successful authentication packet) a series of attributes that L will interpret as authorization parameters - e.g. a list of groups that the user that has been authenticated is to belong to. My understanding is that the PAM RADIUS module pam_radius.so is the one that interacts with the RADIUS server, and it therefore behooves this module to interpret the authentication information, and act on it. Looking into the documentation for the current pam_radius.so module, it would seem that it contains no support for this - i.e. in order to accomplish what I am describing I need to develop a PAM RADIUS of my own. Is this correct?