Deprecated features

Paul Hampson Paul.Hampson at
Fri Jul 29 15:18:37 CEST 2005

On Fri, Jul 29, 2005 at 12:43:54PM +0200, Thor Spruyt wrote:
> Paul Hampson wrote:
> > On Fri, Jul 29, 2005 at 08:22:18AM +0200, Thor Spruyt wrote:
> >> Alan DeKok wrote:
> >>> "Thor Spruyt" <thor.spruyt at> wrote:
> >>>> Well, I experimented with rlm_exec half a year ago, and I didn't
> >>>> found it suitable for my needs, where Exec-Program and
> >>>> Exec-Program-Wait did!

> >>>   What were the differences?

> >> The rejecting was also not implemented the way I wanted it.

> > OK, so how do you want the rejecting implemented?

> If external program fails (or exit <1): don't add a fixed reply-message
> (optionally, a configurable reply-message could be sent)
> If external program runs ok (exit 0) and wants to allow the user: let the
> external program add, modify or remove reply attributes
> If external program runs ok and wants to reject the user: let the external
> program add attributes (like reply-message)

exec testproggy {
	wait = yes
	program = "/usr/bin/testproggy ${User-Name}"
	input_pairs = request
	output_pairs = reply

Where /usr/bin/testproggy is something like

#! /bin/sh
if test $USER_REQUIREMENTS; then
	echo "Reply-Attribute = bob"
	echo "Reply-Attribute2 = down"
	return 0
	echo "Reply-Message = under"
	return 1

I really don't think your program should be failing, and if it is, I
don't expect the RADIUS server to take any notice of what is _does_ do.
And a quick glance at the code suggests that a catastrophic failure (eg
-1) return RLM_MODULE_FAIL, and doesn't do anything to the replies.

Paul "TBBle" Hampson, on an alternate email client.

More information about the Freeradius-Devel mailing list