rlm_perl authentication override

Henry henka at cityweb.co.za
Mon Dec 15 15:59:53 CET 2008


Using freeradius 2.0.5 and rlm_perl.

Let's say we have a username which is locked in /etc/shadow.
Normal authentication will prevent this user from logging in.

I would like to override this behaviour in either authorize() or  
post_auth() and allow the user to login (but with modified $RAD_REPLY)  
despite the locked system user.

In authorize(), changing $RAD_REPLY (to allow a modified service) is  
no problem, but I'm not sure what to return so radiusd will  
authenticate the user even though their password is incorrect (return  
RLM_MODULE_OK of course doesn't change this behaviour) - eg, rejecting  
a user is easy, just return RLM_MODULE_REJECT.

Is there a way to change the reply from Access-Reject, to Access-Accept?


More information about the Freeradius-Users mailing list