General question about authentication/authorization
Florian Prester
Florian.Prester at rrze.uni-erlangen.de
Fri Mar 17 10:17:32 CET 2006
Hi,
1.) in the users-file, I can only check for attributes provided by the
request - correct?
2.) in the users-file, if an entry matches all check-attributes, I can
specify an Auth/Autz-Type - correct?
3.) in the users-file, if I do not specify the Auth/Autz-Type the
radius is taken the requested Type automatically - correct?
4.) Authentication is comparing a password - correct?
5.) Authorization is even if a password is correct, the user may not
use/do something - correct?
6.) Authorization is done by providing appropriate reply-attributes -
correct?
Now the big question:
If I have an user who is authenticate, meaning correct username +
password whereas the password is stored in LDAP.
I want to replay attributes according th some other information stored
in LDAP - how can I do such a thing, like:
IF ldap-attribute::xy == valid_1 THEN RETURN ldap-attribute::IP-good,
ELSIF dap-attribute::xy == valid_2 THEN RETURN ldap-attribute::IP-better,
ELSE RETURN ldap-attribute::IP-bad
Thanks
Florian
--
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Martensstr. 1
91052 Erlangen
Germany
Tel.: +499131 8527813
More information about the Freeradius-Users
mailing list