On Wed, Oct 12, 2011 at 10:02 PM, Evan Huus <eapache@gmail.com> wrote:
The authentication part has been very simple thanks to the pam_radius_auth PAM module (I'm using the latest version: 1.3.17). Authorization has not been as simple.
what permission is that?
The best solution I've come up with has pam_radius_auth forwarding the Access-Accept messages to a configurable port on the local machine. Our daemon can then listen on that port and extract the data it needs. This solution is very ugly, and I'm hoping that there's a better way I'm just not aware of.
Any suggestions or information you can provide are very much appreciated.
If it's simple informations traditionally available on /etc/passwd and such, you might have better luck hacking one of the available libnss-* to create libnss-radius. -- Fajar