How do I not set Auth-Type?
Phil Mayers
p.mayers at imperial.ac.uk
Mon Mar 19 12:37:58 CET 2007
Alan DeKok wrote:
> Phil Mayers wrote:
>> How about a config item like so:
>>
>> username Pap-Auth-DelegateTo := "moduleinstancename"
>>
>> and make rlm_pap the ONLY valid option in authorize/authenticate.
>>
>> rlm_pap, when called in authenticate, checks if the config item is set.
>> If so, it finds the given module instance and passes the authenticate
>> request to it.
>
> Hmm... I'm not so sure.
Well, just a thought.
>
>> Many of the "oracles" (nice name) need little or no code to be executed
>> in authorize. LDAP is about the only one I can think of.
>
> Yes. But even with LDAP, you can configure LDAP bind without doing
> user lookups in LDAP.
>
> I'll think about it some more. A good solution is difficult to come
> up with.
Indeed
>
>> I could see this having real use in other situations - it would obviate
>> the need for Autz-Type in some "merger" situations.
>
> I'm not sure what you mean by that.
Ignore that. I meant "Auth-Type".
More information about the Freeradius-Users
mailing list