rlm_perl authorization/authentication and %RAD_CONFIG questions

Alan DeKok aland at deployingradius.com
Wed Apr 29 21:11:12 CEST 2009


dorkusmonkey wrote:
>   I am running  FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu,
> have successfully configured rlm_perl and have it working with a
> modified example.pl file.  I have noticed that the authorize callback
> in example.pl gets called before the authentication callback.  From
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg01706.html
> , this looks like this is expected behavior.  I apologize if I am
> missing something, but shouldn't authentication come before
> authorization?  Shouldn't those two functions be called in reverse
> order?

  The names are there for historical reasons.  The original version of
FreeRADIUS had only two processing sections: authenticate and authorize.
 Later versions added more sections, but did not change the
functionality of the existing sections.

  i.e. Do not get worried about the names.  They are just names.  There
is a "pre-authentication" process, an "authentication" process, and a
"post-authentication" process.

>   Also, I would like to pass in some configuration parameters to the
> example.pl script.  I assume that is what the %RAD_CONFIG variable is
> there for, but I cannot seem to get anything meaningful into that hash
> ( as a test, I print out all hash keys for %RAD_CONFIG whenever a
> callback in the example.pl is called, and all I can see is a null
> valued 'Auth-Type' field ).

  Huh?  The field shouldn't be NULL.  Ever.

>  I looked briefly at the source, but
> nothing jumped out at me as being obviously associated with
> configuration values and the %RAD_CONFIG variable.  I was hoping
> someone could tell me how to get access to configuration value pairs
> from the example.pl file (hopefully without parsing the files myself
> from within the perl script) or at the very least point me in the
> right direction in the source so that I can figure this out myself.

  It looks like you're accessing the pairs that exist.

  What *else* did you expect to see there?

  Alan DeKok.



More information about the Freeradius-Users mailing list