vsa and authenticate-only service-type
ganesh subramonian
gun_raj at yahoo.com
Wed Oct 29 11:18:24 CET 2008
Hi,
I was trying to use the pam_radius module with the steel-belted-radius-server.
This server does not send vsa's in the reply if i send an "authenticate only" in the access-request.
is this really expected? any idea whether other radius servers be doing something like this?
thanks
ganesh
>The pam_radius module currently uses the service-type authenticate-only when sending an access-request.
>
>The rfc says this about "authenticate only":
>Only Authentication is requested, and no authorization information needs to be returned in the Access-Accept
>
>Does this mean that if I want the server to send some VSA in the reply-message i should not use this?
No. "no authorization information *needs* to be returned" - not
required but you *can* do it if you want.
>Is it OK to not send any service-type?
Yes, that or any other attribute in the reply. For services that *really*
don't require any authorization attributes.
Ivan Kalik
Kalik Informatika ISP
Add more friends to your messenger and enjoy! Go to http://messenger.yahoo.com/invite/
More information about the Freeradius-Users
mailing list