diff options
| author | zsdc <taras@vyos.io> | 2023-09-13 12:41:04 +0300 |
|---|---|---|
| committer | zsdc <taras@vyos.io> | 2023-11-20 18:44:31 +0200 |
| commit | 2a023b878471500bd78962ca94d9174a328ce5c9 (patch) | |
| tree | 2d3ccd8d77cb6410d943395b72a963f07a0c5e70 /debian/vyos-1x.preinst | |
| parent | 9cf2f2c8019b0d0279d6af942a08b6bd829daa16 (diff) | |
| download | vyos-1x-2a023b878471500bd78962ca94d9174a328ce5c9.tar.gz vyos-1x-2a023b878471500bd78962ca94d9174a328ce5c9.zip | |
RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS
In CLI we can choose authentication logic:
- `mandatory` - if RADIUS answered with `Access-Reject`, authentication must
be stopped and access denied immediately.
- `optional` (default) - if RADIUS answers with `Access-Reject`,
authentication continues using the next module.
In `mandatory` mode authentication will be stopped only if RADIUS clearly
answered that access should be denied (no user in RADIUS database, wrong
password, etc.). If RADIUS is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
Diffstat (limited to 'debian/vyos-1x.preinst')
| -rw-r--r-- | debian/vyos-1x.preinst | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst index 12866cd55..df99661b1 100644 --- a/debian/vyos-1x.preinst +++ b/debian/vyos-1x.preinst @@ -2,7 +2,6 @@ dpkg-divert --package vyos-1x --add --no-rename /etc/securetty dpkg-divert --package vyos-1x --add --no-rename /etc/security/capability.conf dpkg-divert --package vyos-1x --add --no-rename /lib/systemd/system/lcdproc.service dpkg-divert --package vyos-1x --add --no-rename /etc/logrotate.d/conntrackd -dpkg-divert --package vyos-1x --add --no-rename /usr/share/pam-configs/radius dpkg-divert --package vyos-1x --add --no-rename /usr/share/pam-configs/tacplus dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.conf dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.bashrc |