Using X.509 Cert. subject and issuer for authorization with EAP-TLS

Arran Cudbard-Bell A.Cudbard-Bell at
Sun Apr 13 14:06:56 CEST 2008

>   No.  The "post-auth" section exists for precisely that purpose.

Well, ish... it seems it's still undergoing a bit of an existential 
crisis in 2.*.

"Hi I'm the post-auth section, i'm here to assign service authorization 
attributes after my friend the auth section has determined the validity 
of the users authentication attempt. But oh no, rlm_sql why are you 
logging requests here... no no no, you should be *authorizing* requests 
here and, arg someones already formulated a response; what am I for why 
am I here, so many questions..."

Maybe in 3.* ;-)
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See


More information about the Freeradius-Devel mailing list