Artur Hecker <[EMAIL PROTECTED]> wrote:
> Auth-Type := Foo is to authenticate by the module foo mentioned in the
> authenticate {} section
Yes.
> whereas Auth-Type := System is for the server
> deciding where to take the password from in the authorize {} section in
> radiusd.conf file and to authenticate with the ... appropriate module in
> authenticate {} ?
The 'unix' module. It's called 'system' for historical reasons.
> Tokens Meaning
> ------------------------------------------------
> == ???
> := ???
'man 5 users', after installing the server.
> Why do we have to use different tokens anyway? Why is "User-Password ==
> something" during "Auth-Type := something"? Can it be "Auth-Type ==
> something"? Are those not both just Radius-attributes?
No. The password is a string given by the user, and sent via RADIUS
to the server.. The Auth-Type is a *control* attribute, which is
internal to the server, which tells the server how to authenticate the user.
> Does the standard dictates that? (I admit, I'm too lazy to search
> for it right now...) Wouldn't it be better in this case to hide it
> from the user by organizing the attributes into corresponding
> groups?
They are. See 'raddb/dictionary', and the comments in it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
