Alan DeKok wrote:
> Phil Mayers wrote:
>> How about a config item like so:
>>
>> username     Pap-Auth-DelegateTo := "moduleinstancename"
>>
>> and make rlm_pap the ONLY valid option in authorize/authenticate.
>>
>> rlm_pap, when called in authenticate, checks if the config item is set. 
>> If so, it finds the given module instance and passes the authenticate 
>> request to it.
> 
>   Hmm... I'm not so sure.

Well, just a thought.

> 
>> Many of the "oracles" (nice name) need little or no code to be executed 
>> in authorize. LDAP is about the only one I can think of.
> 
>   Yes.  But even with LDAP, you can configure LDAP bind without doing
> user lookups in LDAP.
> 
>   I'll think about it some more.  A good solution is difficult to come
> up with.

Indeed

> 
>> I could see this having real use in other situations - it would obviate 
>> the need for Autz-Type in some "merger" situations.
> 
>   I'm not sure what you mean by that.

Ignore that. I meant "Auth-Type".
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to