Post-auth and Rejected logins
Johan Meiring
jmeiring at pcservices.co.za
Mon Sep 26 23:33:24 CEST 2011
Hi,
Hope the following makes sense.
I have a perl module that runs in post-auth.
It checks various things that confirms whether the user may have access and,
if not, would turn an Accept into a Reject.
I want this perl module to run whether the authentication previously failed
or not.
I'm using the documented method of the following:
post-auth {
my_perl
Post-Auth-Type REJECT {
my_perl
}
}
The problem comes in here.
If authentication failed, the module runs once only (in the Post-Auth-Type
REJECT stanza)
If authentication was OK, and my perl module also OK's the request, it runs
once only (in the "non" Post-Auth_type REJECT stanza).
But....
If the auhtentication as OK, and my perl module then decides to reject the
Authentication (by returning RLM_MODULE_REJECT), the perl module runs twice.
I've tried swopping around the post-auth section as follows:
post-auth {
Post-Auth-Type REJECT {
my_perl
}
my_perl
}
The "REJECT" stanza is still executed if the non-"REJECT" stanza turns the
accept into a reject.
The only solution I can come up with is to set a Tmp-String, and using
unlang try to force the perl to not run again.
Does anyone know of a more elegant way?
Thanks!
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
--------------------
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:
http://www.pcservices.co.za/disclaimer.html
More information about the Freeradius-Users
mailing list