Alan DeKok wrote: > Phil Mayers wrote: >> How about a config item like so: >> >> username Pap-Auth-DelegateTo := "moduleinstancename" >> >> and make rlm_pap the ONLY valid option in authorize/authenticate. >> >> rlm_pap, when called in authenticate, checks if the config item is set. >> If so, it finds the given module instance and passes the authenticate >> request to it. > > Hmm... I'm not so sure.
Well, just a thought. > >> Many of the "oracles" (nice name) need little or no code to be executed >> in authorize. LDAP is about the only one I can think of. > > Yes. But even with LDAP, you can configure LDAP bind without doing > user lookups in LDAP. > > I'll think about it some more. A good solution is difficult to come > up with. Indeed > >> I could see this having real use in other situations - it would obviate >> the need for Autz-Type in some "merger" situations. > > I'm not sure what you mean by that. Ignore that. I meant "Auth-Type". - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
