help-gnu-radius
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnu-radius] Custom Attributes for Authorization

From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Custom Attributes for Authorization
Date: Fri, 21 Jun 2002 12:38:06 +0300 
>   How I can create and implement custom authorization schemes with gnu-radius 
> 0.96.3.

Well, there are at least three ways to do so:

1) Implement authorization scheme as a PAM module and use Auth-Type =
   PAM in raddb/users. This may or may not be suitable, since there
   are no reliable methods of passing additional data from the
   incoming packet to the PAM module.
   (see
 http://www.gnu.org/software/radius/manual/html_chapter/radius_9.html#IDX195)

2) Implement authorization scheme as a Scheme (guile) procedure, and
   apply it to the user's profile using Scheme-Procedure attribute in
   reply pairs. Such a procedure has full access to the contents of
   the incoming request.
   (see
 http://www.gnu.org/software/radius/manual/html_chapter/radius_13.html#SEC105)

3) Implement authorization scheme as an external program and apply
   it to the user's profile using Exec-Program-Wait. The attributes
   from the incoming packet may be passed to the program via its
   command line using usual notation %C{attr-name}.
   (see
 http://www.gnu.org/software/radius/manual/html_chapter/radius_16.html#SEC185)

Regards,
Sergey
reply via email to
[Prev in Thread] Current Thread [Next in Thread]