Passing information from authenticate to post-auth (was: Why Authorization before Authentication)

[Edgar Fuß]

I was probably too fuzzy about what I actually mean, sorry.

Suppose I'm writing my own module or I'm using rlm_perl.
Then, in authenticate, I gather some information.
Later, in post-auth, I need this information for my authorization policy.
So, as far as I can see, I'll have to put this Information into an attribute.
Am I supposed to use the Tmp-Xxx-N attributes for that?

I think my situation is analogous to rlm_eap storing the issuer certificate in the TLS-Client-Cert-Issuer attribute so you can base policy decisions on that.