29 Oct
2008
29 Oct
'08
5:50 a.m.
The pam_radius module currently uses the service-type authenticate-only when sending an access-request.
The rfc says this about "authenticate only": Only Authentication is requested, and no authorization information needs to be returned in the Access-Accept
Does this mean that if I want the server to send some VSA in the reply-message i should not use this?
No. "no authorization information *needs* to be returned" - not required but you *can* do it if you want.
Is it OK to not send any service-type?
Yes, that or any other attribute in the reply. For services that *really* don't require any authorization attributes. Ivan Kalik Kalik Informatika ISP