(RADIATOR) Injecting passwords in PreAuthHook.

Frank Danielson fdanielson at csky.com
Thu May 29 16:09:30 CDT 2003


The catch is that a PreAuthHook is not the place to do authentication.
Instead of using a PreAuthHook you could use a PostAuthHook to call the
AuthBy LDAP based on the results of whatever your authentication system
returns. There is an example of calling an AuthBy from a PostAuthHook in
goodies/hooks.txt.

Alternately you could implement your authentication scheme in a custom
AuthBy module and then use an AuthBy policy in a Handler to control the
flow. You could use a config like this-

<Handler>
	AuthByPolicy ContinueUntilReject
	<AuthBy CustomAuthByModule>
		config parameters
	</AuthBy>
	<AuthBy LDAP2>
		LDAP config
	</AuthBy>
</Handler>

Or you could put your hook into a PreHandlerHook and add a fake attribute
that you could use to decide which Handler gets the request-

<Client x.x.x.x>
	PreHandlerHook sub { if (my authentication scheme) {\
					${$_[0]}->add_attr('Auth','Yes');\
				} else {\
					${$_[0]}->add_attr('Auth','No');\
				}}
</Client>

<Handler Auth=Yes>
	<AuthBy LDAP2>
		LDAP config
	</AuthBy>
</Handler>

<Handler Auth=No>
	<AuthBy INTERNAL>
		DefaultResult REJECT
	</AuthBy>
</Handler>



Frank Danielson
[Infrastructure Architect]

voice:407.515.8633
fax:407.515.9001

ClearSky Mobile Media, Inc.
301 E. Pine St. Suite 400
Orlando, FL 32801
USA
 

-----Original Message-----
From: Joao Pedro Goncalves [mailto:joaop at co.sapo.pt]
Sent: Thursday, May 29, 2003 1:12 PM
To: radiator at open.com.au
Subject: (RADIATOR) Injecting passwords in PreAuthHook.


Hi,

We are using <AuthBy LDAP2> to retrieve NAS attributes and it's working
great, but we want our users to be authenticated against a different
system in PreAuthHook. We've managed to get it working as a proof of
concept.


My question is,
how can I inject the password in the check item lists, so that later
it will check it as it should, or how do I issue a REJECT directly from
PreAuthHook, which would be optimal, since there would be one less
access to the LDAP server?

Thank you for your time.


-- 
João Pedro Gonçalves
http://www.sapo.pt/ - Portugal Online

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
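
Added example, not part of the original thread and not Radiator code: a simplified Python model of how the AuthByPolicy in the first config above walks the AuthBy list, showing that under ContinueUntilReject an IGNORE from the first module falls through to LDAP2. It assumes the semantics implied by the policy names, a hypothetical custom module that returns IGNORE when its backend is unreachable, and an LDAP2 clause that only fetches NAS attributes without checking the password; users and passwords are constructed.

```python
# Added example: simplified model of a Radiator <Handler> AuthBy chain.
# Not Radiator code; module behaviour, users and passwords are constructed.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# When each policy stops walking the AuthBy list (assumed from the policy names).
STOP = {
    "ContinueUntilReject": lambda r: r == REJECT,
    "ContinueWhileAccept": lambda r: r != ACCEPT,
}

def run_chain(policy, modules, request):
    """Call modules in order; return (final result, names of modules called)."""
    result, called = IGNORE, []
    for name, module in modules:
        result = module(request)
        called.append(name)
        if STOP[policy](result):
            break
    return result, called

def make_custom_auth(backend_up=True):
    """Hypothetical stand-in for CustomAuthByModule: the real password check."""
    passwords = {"alice": "s3cret"}  # constructed sample credentials
    def custom_auth(req):
        if not backend_up:
            return IGNORE  # backend unreachable: no decision made
        ok = passwords.get(req["user"]) == req["password"]
        return ACCEPT if ok else REJECT
    return custom_auth

def ldap2_attributes_only(req):
    """Stand-in for AuthBy LDAP2 that only looks up NAS attributes (assumed)."""
    return ACCEPT if req["user"] in {"alice"} else REJECT

def chain(backend_up=True):
    """The two-module list from the Handler, in config order."""
    return [("CustomAuthByModule", make_custom_auth(backend_up)),
            ("LDAP2", ldap2_attributes_only)]

if __name__ == "__main__":
    bad = {"user": "alice", "password": "wrong"}
    # Wrong password, backend up: rejected before LDAP2 is contacted.
    print(run_chain("ContinueUntilReject", chain(), bad))
    # Wrong password, backend down: IGNORE falls through and LDAP2 accepts.
    print(run_chain("ContinueUntilReject", chain(backend_up=False), bad))
    # Same outage under ContinueWhileAccept: chain stops, LDAP2 is not asked.
    print(run_chain("ContinueWhileAccept", chain(backend_up=False), bad))
```

In this model the custom module has to turn every failure of its own, including an unreachable backend, into a REJECT for ContinueUntilReject to keep unauthenticated requests away from the attribute-only LDAP2 clause.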