vsa and authenticate-only service-type
tnt at kalik.net
tnt at kalik.net
Wed Oct 29 10:50:22 CET 2008
>The pam_radius module currently uses the service-type authenticate-only when sending an access-request.
>
>The rfc says this about "authenticate only":
>Only Authentication is requested, and no authorization information needs to be returned in the Access-Accept
>
>Does this mean that if I want the server to send some VSA in the reply-message i should not use this?
No. "no authorization information *needs* to be returned" - not
required but you *can* do it if you want.
>Is it OK to not send any service-type?
Yes, that or any other attribute in the reply. For services that *really*
don't require any authorization attributes.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list