(RADIATOR) Injecting passwords in PreAuthHook.
Frank Danielson
fdanielson at csky.com
Thu May 29 16:09:30 CDT 2003
The catch is that a PreAuthHook is not the place to do authentication.
Instead of using a PreAuthHook you could use a PostAuthHook to call the
AuthBy LDAP based on the results of whatever your authentication system
returns. There is an example of calling an AuthBy from a PostAuthHook in
goodies/hooks.txt.
Alternately you could implement your authentication scheme in a custom
AuthBy module and then use an AuthBy policy in a Handler to control the
flow. You could use a config like this-
<Handler>
AuthByPolicy ContinueUntilReject
<AuthBy CustomAuthByModule>
config parameters
</AuthBy>
<AuthBy LDAP2>
LDAP config
</AuthBy>
</Handler>
Or you could put your hook into a PreHandlerHook and add a fake attribute
that you could use to decide which Handler gets the request-
<Client x.x.x.x>
PreHandlerHook sub { if (my authenticion scheme) {\
${$_[0]}->add_attr('Auth','Yes');\
} else {\
${$_[0]}->add_attr('Auth','No');\
}}
</Client>
<Handler Auth=Yes>
<AuthBy LDAP2>
LDAP config
</AuthBy>
</Handler>
<Handler Auth=No>
<AuthBy INTERNAL>
DefaultResult REJECT
</AuthBy>
</Handler>
Frank Danielson
[Infrastructure Architect]
voice:407.515.8633
fax:407.515.9001
ClearSky Mobile Media, Inc.
301 E. Pine St. Suite 400
Orlando, FL 32801
USA
-----Original Message-----
From: Joao Pedro Goncalves [mailto:joaop at co.sapo.pt]
Sent: Thursday, May 29, 2003 1:12 PM
To: radiator at open.com.au
Subject: (RADIATOR) Injecting passwords in PreAuthHook.
Hi,
We are using <AuthBy LDAP2> to retrieve NAS attributes and it's working
great, but we want our users to be authenticated against a different
system in PreAuthHook. We've managed to get it working as a proof of
concept.
My question is,
How can i inject the password in the check item lists, so that later
it will check it as it should, or how do i issue a REJECT directly from
PreAuthHook, which would be optimal, since there would be one less
access to the ldap server.
Thank your for your time.
--
João Pedro Gonçalves
http://www.sapo.pt/ - Portugal Online
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list