Hi,

>> Which is, BTW, extremely similar to how I solved the problem for me. I
>> defined a VSA "RESTENA-Service-Type" (string) and put things like "IMAP"
>> into it.

> What else was in the request message? Was there an instance of
> Service-Type, and if so what was its value?

The requests were generated by a pam_radius_auth module, which sends Service-Type = Authenticate-Only. That module doesn't even send VSAs, so I had to trick like "if the sending client was IP address x.y.z.a, add RESTENA-Service-Type = IMAP prior to further processing". And there I was lucky that this IP address has only *one* process that uses RADIUS. Well, standard ugly hacks.

> I see the argument for using Service-Type for this application. OTOH,
> there are two minor issues with that path: (a) allocation requires
> IETF Consensus, and (b) it tends to clutter up what's currently a
> concise list of options.

That's true (and that's why I just took a VSA and went my merry way). Of course, having an IETF-allocated string attribute of sorts "Extended-Service-Type-Info" that people could fill with whatever is needed inside their AAA infrastructure would be not so bad. Better than cluttering Service-Type with hundreds(?) of possible RADIUS-speaking applications IMHO; where the list would be necessarily incomplete.

Greetings,

Stefan Winter

> Regards,
>
> Dave
>
> David B. Nelson
> Sr. Software Architect
> Elbrys Networks, Inc.
> www.elbrys.com
> +1.603.570.2636

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473