Good Afternoon; I am looking at different ways to authorize users using local resources. I would like to create various Text files (like foundry.acl, juniper.acl etc etc) with a list of kerberos principles contained within (each principle separated by new line). When a user attempts to authenticate from a given IP range the radius engine will authorize the user against the appropriate acl file, if the user is contained within the acl file then they are allowed and certain vendor specific attrs are sent back with the acess accept. Basically I would like to create "groups" to authorize access to different devices accross the network, LDAP is not an option and moving forward with a SQL db seems a bit over kill.
Larry
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
