Digest authentication and perl authorization
Luciano Afranllie
listas.luafran at gmail.com
Wed Jan 7 02:35:59 CET 2009
Hi,
On Mon, Jan 5, 2009 at 2:23 PM, <tnt at kalik.net> wrote:
>>I am thinking in something like this:
>>
>>- Radius client (b2bua) sends an access-request with Service_type =
>>"Authorize-Only"
>>- Adding perl module to authorization section.
>>- In authorize function of perl module check if the balance is enough
>>to make the call. if yes add an attribute to the reply with granted
>>credit time and return return RLM_MODULE_OK. If no, return
>>RLM_MODULE_REJECT.
>>
>
> That can work. As long as radius client understands that Service-Type.
>
>>My questions are: how is the best way of making authorization without
>>authentication?
>>
>
> The way you described it.
>
>>- Should perl module set Auth-Type := Accept if the user is authorized?
>>
>
> Yes.
>
>>- What should I need to add in the users file for this to work,
>>something like this?
>>
>>DEFAULT Auth-Type := Accept, Service-Type == "Authorize-Only"
>>
>
> No nedd. perl can do it all. It can add Service-Type to reply as well.
>
I have done that and everything seems to be ok.
Now, I have an stupid question. When I do digest authentication with
this config, digest module set Auth-Type = Digest but I am overriding
it with Auth-Type = Accept in perl module. How do I set Auth-Type in
perl only if it is not already set? What is the value for a not-set
attribute in perl?
Regards
Luciano
More information about the Freeradius-Users
mailing list