8 Jul
2009
8 Jul
'09
7:39 a.m.
Hi,
authorize { if((User-Name == User-Password) && %{ldap:etc...}){ update control { Auth-Type := 'NULL' } } else { // Authentication modules } }
Auth-Type NULL { ok }
this is pretty uch what is already on the system - the trouble then is that people can then just login by using any account so long as the password is the same value eg hacker hacker they dont even need a valid account to actually authenticate. what we need is for the X=Y to work for authorise and then not give a damn about authentication - but, as said, looks like we cannot distinguish between auth and auth (if you get what I mean ;-) ) - if only we could send Service-Type from the device... alan