> Understanding the security risks... is there an example of
> setting Post-Auth-Type REJECT {...} to override the reject
> force the response to Auth-Accept?
If you want to change all REJECTs to ACCEPT so that authentication always
succeeds, then you are effectively eliminating the requirement for 802.1x
authentication for network connectivity. If it's not required, why not just
turn off port security on your switches? If it is required, why would you want
to do the above?
It seems that what you really want is the ability to change the expired
password via MSCHAP which isn't currently supported in FreeRADIUS (as I said in
a previous post). If you are going to write a patch, develop one to provide
this functionality..
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
