rlm_eap_tls: authenticate instead of authorize?

Graham Leggett minfrin at sharp.fm
Tue Jan 10 13:04:37 CET 2012


Hi all,

I notice that when rlm_eap_tls checks the user's certificate, it does so in the authenticate section instead of the authorize section, and in the process none of the fields in the certificate are available to other modules until post_auth.

Would there be any ill effects if the rlm_eap_tls certificate parsing was moved from the authenticate section to the  authorize section?

Regards,
Graham
--

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4365 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120110/cfac62db/attachment.bin>


More information about the Freeradius-Users mailing list