[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-devel
Subject:    Re: some question
From:       Alan DeKok <aland () striker ! ottawa ! on ! ca>
Date:       2000-02-21 17:48:20
[Download RAW message or body]

Kotrekhov Andrey <kota@at.com.ua> wrote:
> The question is  why I will get authorize parameters then authentification 
> is failed?

  You should only get a few authorization attributes: Session-Timeout,
Idle-Timeout, and Reply-Message.

> I authorize users from database. I think it is not a good idea get
> authorize parameters from DB and after this reject user if login or passwd
> is incorrect.

  You are correct.

> Is it a good idea to separate authorize function to preauthorize and
> authorize?

  No.

> preauthorize - get Auth-Type for user
> and authorize get reply AV-pairs but run after authentification function. 

  We can easily fix this by hacking the file auth.c to remove the
extra authorization attributes from an authentication reject message.

  Alan DeKok.

[prev in list] [next in list] [prev in thread] [next in thread]