[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] authentication methods
From: |
Sergey Poznyakoff |
Subject: |
Re: [Help-gnu-radius] authentication methods |
Date: |
Wed, 29 May 2002 13:58:11 +0300 |
> I have some questions about how the GNU Radius server decide to authenticate
> a user.
This process is described in the node 'Operation' of the accompanying
documentation. (See online version at
http://www.gnu.org/software/radius/manual/html_node/radius_12.html#SEC15)
More specifically:
> Do the Radius server decide to authenticate a user based on the "User-Name"
> from the incoming packets?
Username is used as a search key to raddb/users file (after processing
hints and huntgroups -- see above). When looking up an entry in
raddb/users, the order is as follows:
1) Process BEGIN entries (if any). Go to 2 if there are no BEGIN
entries or reply-pairs of the matched BEGIN entry contained
Fall-Through=Yes. Otherwise go to 4.
2) If an entry exists that matches the username exactly, process it.
If its reply-pairs contained Fall-Through=Yes go to 3. Otherwise
go to 4.
3) Process DEFAULT entries. Each DEFAULT entry is compared against the
request in order of their appearance in raddb/users. When the entry
is found which matches the request, it is used for authentication.
4) End.
> Or the Radius server try every authentication methods in turn?
No, it never does.
Regards,
Sergey