How do I not set Auth-Type?
Alan DeKok
aland at deployingradius.com
Mon Mar 19 09:29:52 CET 2007
Phil Mayers wrote:
> How about a config item like so:
>
> username Pap-Auth-DelegateTo := "moduleinstancename"
>
> and make rlm_pap the ONLY valid option in authorize/authenticate.
>
> rlm_pap, when called in authenticate, checks if the config item is set.
> If so, it finds the given module instance and passes the authenticate
> request to it.
Hmm... I'm not so sure.
> Many of the "oracles" (nice name) need little or no code to be executed
> in authorize. LDAP is about the only one I can think of.
Yes. But even with LDAP, you can configure LDAP bind without doing
user lookups in LDAP.
I'll think about it some more. A good solution is difficult to come
up with.
> I could see this having real use in other situations - it would obviate
> the need for Autz-Type in some "merger" situations.
I'm not sure what you mean by that.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list