On Feb 10, 2016, at 10:04 AM, Jim Whitescarver <jimscarver@gmail.com> wrote:
There is no password checking ever. The password field will be used for a device name for out-of band device and biometric authentication done from python.
From the point of view of the protocols involved, your module gets passed a User-Name and User-Password, and the module returns success/fail.
I've tried using authorize { python update control { Auth-Type := example } } and authenticate {authenticate {
I'm presuming that's a typo.
Auth-Type example { python } } but I cannot get past authorize. I want authorize to always succeed!
It will if you use the above configuration. There's no magic. Setting Auth-Type in "authorize" means that the give Auth-Type will be used in "authenticate".
In example.py I have tried return (radiusd.RLM_MODULE_UPDATED, (), (('Auth-Type', 'Accept'),)) return (radiusd.RLM_MODULE_UPDATED, (), (('Auth-Type', 'example'),))
Those won't work. You've got to update one of the attribute lists.
return radiusd.RLM_MODULE_OK plus a few variation of reply = ( ('Reply-Message', 'Hello from rlm_python'), ) config = ( ('Auth-Type', 'python'), ) return (radiusd.RLM_MODULE_OK, reply, config)
That won't work either. The module configuration is available in the "config" variable. You can write to it, but the writes will be discarded. From a quick look at the code, you can only set the "reply" tuple. So what you want can't be done with python. Just write some "unlang" to check for the conditions in "authorize", and set "Auth-Type := python". Your python script can run, and just return RLM_MODULE_OK, or RLM_MODULE_FAIL. Alan DeKok.