rlm_perl question (was Re: General question about authentication/authorization)
Alan DeKok
aland at ox.org
Fri Mar 17 19:33:51 CET 2006
"George C. Kaplan" <gckaplan at ack.berkeley.edu> wrote:
> I've been wondering about this, in relation to the rlm_perl module. We
> see "Don't set Auth-Type in the users file" all over the place, but with
> rlm_perl, the %RAD_CHECK hash is read-only. So if I'm using perl for
> authorization, I *have to* set the Auth-Type in the users file.
It's not "don't set Auth-Type in the users file", it's "don't set it
ANYWHERE". Almost all instances of people forcibly setting it are wrong.
There *are* a few places where setting it is OK, but those are rare,
and require carefully analyzing what you're doing.
> This isn't really a problem (since it all works the way I want), but it
> seems inconsistent, especially considering that other modules can modify
> the request or check items. So, why were %RAD_CHECK and %RAD_REQUEST
> made read-only?
No idea. They should be writable.
Alan DeKok.
More information about the Freeradius-Users
mailing list