Hi,
> authorize {
> if((User-Name == User-Password) && %{ldap:etc...}){
> update control {
> Auth-Type := 'NULL'
> }
> }
> else {
> // Authentication modules
> }
> }
>
>
> Auth-Type NULL {
> ok
> }
this is pretty uch what is already on the system - the trouble then is that
people can then just login by using any account so long as the password
is the same value
eg
hacker
hacker
they dont even need a valid account to actually authenticate.
what we need is for the X=Y to work for authorise and then
not give a damn about authentication - but, as said, looks like
we cannot distinguish between auth and auth (if you get what
I mean ;-) ) - if only we could send Service-Type from the device...
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
