[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] Custom Attributes for Authorization
From: |
Sergey Poznyakoff |
Subject: |
Re: [Help-gnu-radius] Custom Attributes for Authorization |
Date: |
Fri, 21 Jun 2002 12:38:06 +0300 |
> How I can create and implement custom authorization schemes with gnu-radius
> 0.96.3.
Well, there are at least three ways to do so:
1) Implement authorization scheme as a PAM module and use Auth-Type =
PAM in raddb/users. This may or may not be suitable, since there
are no reliable methods of passing additional data from the
incoming packet to the PAM module.
(see
http://www.gnu.org/software/radius/manual/html_chapter/radius_9.html#IDX195)
2) Implement authorization scheme as a Scheme (guile) procedure, and
apply it to the user's profile using Scheme-Procedure attribute in
reply pairs. Such a procedure has full access to the contents of
the incoming request.
(see
http://www.gnu.org/software/radius/manual/html_chapter/radius_13.html#SEC105)
3) Implement authorization scheme as an external program and apply
it to the user's profile using Exec-Program-Wait. The attributes
from the incoming packet may be passed to the program via its
command line using usual notation %C{attr-name}.
(see
http://www.gnu.org/software/radius/manual/html_chapter/radius_16.html#SEC185)
Regards,
Sergey