From 5181ab60bb6d936505967d6667adc12c5ecb9b64 Mon Sep 17 00:00:00 2001 From: zsdc Date: Wed, 13 Sep 2023 12:41:04 +0300 Subject: RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS In CLI we can choose authentication logic: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode. --- .../include/radius-server-ipv4-ipv6.xml.i | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'interface-definitions/include') diff --git a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i index efd418bb2..a0cdcd7c3 100644 --- a/interface-definitions/include/radius-server-ipv4-ipv6.xml.i +++ b/interface-definitions/include/radius-server-ipv4-ipv6.xml.i @@ -46,6 +46,26 @@ + + + Security mode for RADIUS authentication + + mandatory optional + + + mandatory + Deny access immediately if RADIUS answers with Access-Reject + + + optional + Pass to the next authentication method if RADIUS answers with Access-Reject + + + (mandatory|optional) + + + optional + -- cgit v1.2.3