Hi,
I was trying to use the pam_radius module with the steel-belted-radius-server.
This server does not send vsa's in the reply if i send an "authenticate only"
in the access-request.
is this really expected? any idea whether other radius servers be doing
something like this?
thanks
ganesh
>The pam_radius module currently uses the service-type authenticate-only when
>sending an access-request.
>
>The rfc says this about "authenticate only":
>Only Authentication is requested, and no authorization information needs to be
>returned in the Access-Accept
>
>Does this mean that if I want the server to send some VSA in the reply-message
>i should not use this?
No. "no authorization information *needs* to be returned" - not
required but you *can* do it if you want.
>Is it OK to not send any service-type?
Yes, that or any other attribute in the reply. For services that *really*
don't require any authorization attributes.
Ivan Kalik
Kalik Informatika ISP
Add more friends to your messenger and enjoy! Go to
http://messenger.yahoo.com/invite/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
