>The pam_radius module currently uses the service-type authenticate-only when >sending an access-request. > >The rfc says this about "authenticate only": >Only Authentication is requested, and no authorization information needs to be >returned in the Access-Accept > >Does this mean that if I want the server to send some VSA in the reply-message >i should not use this?
No. "no authorization information *needs* to be returned" - not required but you *can* do it if you want. >Is it OK to not send any service-type? Yes, that or any other attribute in the reply. For services that *really* don't require any authorization attributes. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
