<[EMAIL PROTECTED]> wrote: > Since some servers require vendor-specific attributes, I wonder if the > pam_module supports these: > - in Access-request, the radius client sends one or more vendor-specific > attributes on top of the usual attributes
WHICH vendor-specific, and WHY? How would you configure these? The short answer is that you can't, unless you modify the code. > - in the Access-challenge, the radius client reports the reply-message + > one or more vendor-specific attributes to the application on top of the > regular attributes > - in the second Access request, the radius client sends in the response > one or more vendor specific attributes + regular attributes. > > Have anybody tries these? Can a PAM module at all support usage of > vendor-specific attributes? No. > if not, what do you think needs to be modified to allow this to happen? > Would that be a big work? A suggestion would be that the application > merely provides the vendor-ID, vendor type vendor length and value field > to the PAM module. How? PAM doesn't do this. > The radius client then transparently forwards the request to the > server without altering it. If the application can create a RADIUS request, why the heck are you trying to use PAM? > In the other way round, the client detects the vendor specific > fields and reports them to the application without processing it any > further. How? PAM doesn't do this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html