rlm_perl question (was Re: General question about authentication/authorization)
George C. Kaplan
gckaplan at ack.berkeley.edu
Fri Mar 17 18:21:05 CET 2006
Phil Mayers wrote:
> Sort of. AFAIK nothing else sets Autz-Type. But quite a few modules set
> Auth-Type based on the incoming requests e.g. the "mschap" modules sets
> Auth-Type=MS-CHAP if the mschap attributes are in the request. Ditto the
> "chap" and "eap" modules. "pap" is a bit more complex and has changed in
> CVS head.
>
> Generally, you should not set Auth-Type in the users file. It's a sign
> you're doing something wrong. Perhaps if you told us what you're trying
> to do?
I've been wondering about this, in relation to the rlm_perl module. We
see "Don't set Auth-Type in the users file" all over the place, but with
rlm_perl, the %RAD_CHECK hash is read-only. So if I'm using perl for
authorization, I *have to* set the Auth-Type in the users file.
This isn't really a problem (since it all works the way I want), but it
seems inconsistent, especially considering that other modules can modify
the request or check items. So, why were %RAD_CHECK and %RAD_REQUEST
made read-only?
--
George C. Kaplan gckaplan at ack.berkeley.edu
Communication & Network Services 510-643-0496
University of California at Berkeley
More information about the Freeradius-Users
mailing list