-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Leonardo, I'm not into the whole radius thing, but if I understand you correctly, you want to have a possibility to return some data to the application from your PAM module. I faced the same problem with my student research project, and I used an extended conversation function with a new "message-type" as a solution. This of course breaks compability with many applications (to be more exact: it breaks compability, if the authorization server - in my case a XACML-Server - returns some attribute-value-pairs). I solved the problem by denying any access if the application does not understand my messages. Also I had to put a lot of effort into the whole encoding/decoding-part, because the PAM conversation-interface only allows character pointers, while XACML allows typed attributes with multiple values... Hope, this helps you. tobi Leonardo Pereira Santos schrieb: > Hello All: > > I'm using PAM as a interface to a RADIUS server. I managed to get the > authentication part working, but I need to get authorization to work too. I > know that the pam_radius_auth.so doesn't support authorization, so I'm trying > to hack it. > My main problem is how to pass ANY token from the RADIUS reply in the > talk_radius() function. What functions in the framework can be used for > this ? I have to look at the attribute-value pairs in the AUTH_OK response >>from the RADIUS server and then set some attribute. I tried to use the > pam_set_data/pam_get_data functions, but they won't work if called from an > application. > Any ideas are welcome. Thank you. > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFHlQ9L1FY7cmdhGCwRAu7mAJ0Y1K8H5ult5Zati/MLK3KTT+TRSgCfQpTX bDqpKSQPRxaETZIlpKjO1iM= =Zqtv -----END PGP SIGNATURE----- _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
