Tomas you actually made a very good point :) I didn't realize there was an authorize part in the work flow of freeradius. That would be before postauth, are there any other steps after "authorize" and before post auth?
kind regards George Tomas Hoger wrote: > Hi Alan! > > On 7/5/07, Alan DeKok <[EMAIL PROTECTED]> wrote: > >> George Beitis wrote: >> >>> ... I will use a policy engine to do that >>> and i want to overwrite the final decision if the user is not authorized >>> based on my policy. >>> >>> Is postauth the right place to do this? >>> >> Yes. >> >> But you can't turn a reject into an accept. You can only turn an >> accept into a reject. >> > > Isn't "authorize" better place for that? Even name suggests > authorization should be done there... ;) > > Just wondering whether there's a good reason for not doing it in > authorize and postpone it until post-auth. Besides using more common > order of authentication and authorization steps. > > th. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
