[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-devel
Subject: Re: some question
From: Alan DeKok <aland () striker ! ottawa ! on ! ca>
Date: 2000-02-21 17:48:20
[Download RAW message or body]
Kotrekhov Andrey <kota@at.com.ua> wrote:
> The question is why I will get authorize parameters then authentification
> is failed?
You should only get a few authorization attributes: Session-Timeout,
Idle-Timeout, and Reply-Message.
> I authorize users from database. I think it is not a good idea get
> authorize parameters from DB and after this reject user if login or passwd
> is incorrect.
You are correct.
> Is it a good idea to separate authorize function to preauthorize and
> authorize?
No.
> preauthorize - get Auth-Type for user
> and authorize get reply AV-pairs but run after authentification function.
We can easily fix this by hacking the file auth.c to remove the
extra authorization attributes from an authentication reject message.
Alan DeKok.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic