> We're currently working on the modules so that they will do all this
> for you automagically. i.e. the MSCHAP module SHOULD notice the
> MSCHAP attributes, and add an 'Auth-Type := MSCHAP'.
>
> Some of this is done already.
Hmm so setiting up the server to authenticate the user via
multiple auth-types is not possible right now I assume?
It seems that the modules as they stand right now are a mix
of different things..
Some are sources of information and some are methods of encoding
information.
Example:
ldap, dbm, pam, sql, etc.. are information sources.
eap, ms-chap, chap, pap, etc.. are encoding methods.
Perhaps modules should be divided into these two catagories.
Information sources just retrieve information.. passwords..settings..etc.
Encoding methods are responsible for taking the retreived infromation
and running checks against it to see if it is correct based on the
information the user provided..
This way.. chaining information sources and encoding methods
would be easier.
source -> find bob
try sql.. if not
try pam.. if not
try ldap
etc...
encoding -> what type of password is the user presenting?
try pap
try chap
try ms-chap
try eap
etc...
This would all be configurable of course..
Not only would this simplify coding for the module writers
since they could concentrate on what they know best but
all keep the server core nice and neat.. Sorry if this is what
you were planning to do.. the docs leave a bit to be desired
at this point for radius newbies.
Thanks.. Mike
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
