[RADIATOR] Rejecting a request from PostAuthSelectHook

Michael Newton mnewton at pofp.com
Wed Jul 25 13:18:18 UTC 2018

Unless I'm mistaken, I don't have access to the reply from a

The first argument passed to the hook is a handle to the current AuthBy SQL
object. The second argument
is the name of the user being authenticated. The third argument is a
pointer to the current request. The fourth argument is a pointer to the
User object being constructed to hold the check and reply items for the
user being authenticated. The fifth argument ($_[4]) is a reference to the
@row resulting from AuthSelect.


Michael Newton
Director, Product Development
Point of Presence Technologies

On Tue, 24 Jul 2018 at 17:24, Hugh Irvine <hugh at open.com.au> wrote:

> Hello Michael -
> The simplest way to do this is to add a Reply-Message to the reply in your
> code, then chain an AuthBy INTERNAL clause after the AuthBy SQL clause with
> AuthByPolicy ContinueWhileAccept.
> The AuthBy INTERNAL clause would call an AuthHook to look at the
> Reply-Message and reject if necessary, otherwise accept.
> I find this much clearer and easier to understand.
> That said, it is possible to do what you ask, but its a bit convoluted.
> See the example PostAuthHook in “goodies/hooks.txt”.
> regards
> Hugh
> > On 25 Jul 2018, at 08:31, Michael Newton <mnewton at pofp.com> wrote:
> >
> > Pretty basic question; is there a way to reject a request from the
> PostAuthSelectHook code? The code also needs to alter the results returned
> from the database, so I'm unable to run it in a PostAuthHook. Thanks!
> > --
> >
> > Michael Newton
> > Director, Product Development
> > Point of Presence Technologies
> >
> > _______________________________________________
> > radiator mailing list
> > radiator at lists.open.com.au
> > http://lists.open.com.au/mailman/listinfo/radiator
> --
> Hugh Irvine
> hugh at open.com.au
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.open.com.au/pipermail/radiator/attachments/20180725/0bad7f76/attachment.html>

More information about the radiator mailing list