Auth-Type discussion

Alan DeKok aland at deployingradius.com
Mon Aug 7 16:43:56 CEST 2006


Geoffroy Arnoud <garnoud at yahoo.co.uk> wrote:
> Maybe my mail will be out of the discussion, but we plan in middle
> term to migrate an existing AAA system from a commercial software to
> FreeRADIUS.

  I don't mind hearing that. :)

> All authentication is planned to be done with custom modules, and in
> order to have good software maintenability, we plan to make 1 module
> per traffic type (local prepaid, local postpaid...) + 1 module for
> traffic identification. Therefore we are likely to use the Auth-Type
> (and thus Acct-Type) feature.

  OK... about the only times you need a custom authentication type are:

  a) you need to support a new authentication protocol
  b) you need to interact with another authentication server (e.g. ntlm_auth)

  If neither matches your systems, I'd think carefully about using
Auth-Type.  It's probably the wrong solution to the problem.

> Knowing that Auth-Type is likely to disappear may not be good news
> for our forseen implementation.

  The functionality won't go away, that's definite.

  However, it may be more difficult to use, for the simple reason that
so many people get it wrong.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list