Plug-in Question
Tomas Hoger
tomas.hoger at gmail.com
Fri Jul 6 08:59:21 CEST 2007
Hi Alan!
On 7/5/07, Alan DeKok <aland at deployingradius.com> wrote:
> George Beitis wrote:
> > ... I will use a policy engine to do that
> > and I want to overwrite the final decision if the user is not authorized
> > based on my policy.
> >
> > Is postauth the right place to do this?
>
> Yes.
>
> But you can't turn a reject into an accept. You can only turn an
> accept into a reject.

Isn't "authorize" a better place for that? Even the name suggests
authorization should be done there... ;)

Just wondering whether there's a good reason for not doing it in
authorize and postponing it until post-auth. Besides using the more common
order of authentication and authorization steps.

th.