You can may be use Autz-Type (there is a documentation about this
directive inside the /doc directory of freeradius tarball).
ex :
authorise {
preprocess
Autz-Type dosql {
sql
}
files
}
and in user you can set or not this check item :
DEFAULT Autz-Type := dosql
freeradius will first execute preprocess and files modules... then sql
if Autz-Type is set to "dosql"
Hope it helps
Anthony
with this in
Le vendredi 27 mai 2005 à 14:32 +0200, Miguel Sennoun a écrit :
> I have a question in relation with this configuration:
> In the case module file (users) and then sql are activated. Is it possible
> to go through sql module conditionally following what happened in the file
> module?
> In fact my file module can set an Auth-Type = Reject. In this case I would
> like the sql module don't send request. But if Auth-Type has not been set
> then sql querries are called.
> Do you think it is possible?
>
> > -----Message d'origine-----
> > De : [EMAIL PROTECTED] [mailto:freeradius-users-
> > [EMAIL PROTECTED] De la part de Edgars
> > Envoyé : vendredi 27 mai 2005 13:55
> > À : freeradius-users@lists.freeradius.org
> > Objet : Re: sequence
> >
> > >>in the authentication module, what is happening if i have two sequential
> > > > entries - 'sql' and after'file'. What is more prioritized?
> >
> > > Only one is chosen.
> >
> >
> > But is it possible to have a chain of authentication modules, each
> > performing
> > its own task on the request, for example, rlm_passwd to modify the
> > client's
> > request (based on username, insert some additional attributes there), then
> > one more rlm_passwd to check plain-text passwords, and then rlm_users to
> > compose the reply?
> >
> > Thanks,
> >
> > Edgars
> >
> >
> >
> > Alan DeKok wrote:
> >
> > >Edgars <[EMAIL PROTECTED]> wrote:
> > >
> > >
> > >>in the authentication module, what is happening if i have two sequential
> > >>entries - 'sql' and after'file'. What is more prioritized?
> > >>
> > >>
> > >
> > > Only one is chosen.
> > >
> > >
> > >
> > >>I'm asking because of i want to have non-plaintext passwords while
> > >>keeping in the file or DB. Does this make sense?
> > >>
> > >>
> > >
> > > I'm not sure what you mean by that.
> > >
> > >
> > >
> > >>If there is no way then there is a plan to use Kerberos for
> > >>authentication and FreeRADIUS for authorization.
> > >>
> > >>
> > >
> > > See rlm_krb5, it's included with the server.
> > >
> > > Alan DeKok.
> > >
> > >-
> > >List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Anthony Hinsinger <[EMAIL PROTECTED]>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
