I have a problem scenario where I need to be able to handle the authentication of users myself. I am looking into using either rlm_perl or (preferably) rlm_jradius to be able to write my own piece to do authentication. I believe this is possible with either module (please correct me if I'm wrong on that, it would stop me in my tracks). What I need to know is if when writing my own authenticator there is a terribly complicated process of requests and responses that I have to honor in order to make the supplicant happy, or if I can trivially accept or reject based on the parameters of my business problem. As a test case, I wrote a Java class for rlm_jradius that just replaced reject packets with accept packets, to see if it would work. I found that if I hooked into it at the 'post_auth' stage it didn't matter what my reply was, freeRadius remembered that auth had failed and stripped all the attributes from the response packet.
That was long winded, here is a summary of my questions. Can I write my own piece to do authentication? Where in the freeRadius process do I list that listener? Is there a series of requests and responses that I have to honor? -Travis
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
