(RADIATOR) Reversing a PreAuthHook

Peter Bates Peter.Bates at lshtm.ac.uk
Mon Sep 25 05:05:23 CDT 2006


Hello all...

Apologies if this is a silly question.

We're using Radiator primarily to authenticate
users against an LDAP backend (Novell eDirectory).

As an easy way of denying access, we check 
for membership of a particular group:

AuthAttrDef     groupMembership,group-check,check
PreAuthHook sub { ${$_[0]}->add_attr('group-check',
'cn=RADIUS-Users,ou=BMAS,ou=SCHOOL,o=LSHTM') ;}

We've just realized the error of our ways, however, 
and that we should really allow access to all, and use this group
to include people we wish to deny instead of allow.

Can I just '!' the group in the PreAuthHook, is the answer more
involved,
or am I going about things in an overly complicated way in the first
place?!

Thanks.


--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, IT Services.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list