Alan DeKok wrote:
> Phil Mayers wrote:
>> How about a config item like so:
>> username Pap-Auth-DelegateTo := "moduleinstancename"
>> and make rlm_pap the ONLY valid option in authorize/authenticate.
>> rlm_pap, when called in authenticate, checks if the config item is set.
>> If so, it finds the given module instance and passes the authenticate
>> request to it.
> Hmm... I'm not so sure.
Well, just a thought.
>> Many of the "oracles" (nice name) need little or no code to be executed
>> in authorize. LDAP is about the only one I can think of.
> Yes. But even with LDAP, you can configure LDAP bind without doing
> user lookups in LDAP.
> I'll think about it some more. A good solution is difficult to come
> up with.
>> I could see this having real use in other situations - it would obviate
>> the need for Autz-Type in some "merger" situations.
> I'm not sure what you mean by that.
Ignore that. I meant "Auth-Type".
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html