From 2a023b878471500bd78962ca94d9174a328ce5c9 Mon Sep 17 00:00:00 2001
From: zsdc <taras@vyos.io>
Date: Wed, 13 Sep 2023 12:41:04 +0300
Subject: RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS

In CLI we can choose authentication logic:

  - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must
  be stopped and access denied immediately.
  - `optional` (default) - if RADIUS answers with `Access-Reject`,
  authentication continues using the next module.

In `mandatory` mode authentication will be stopped only if RADIUS clearly
answered that access should be denied (no user in RADIUS database, wrong
password, etc.). If RADIUS is not available or other errors happen, it will be
skipped and authentication will continue with the next module, like in
`optional` mode.
---
 debian/vyos-1x.postinst | 2 --
 1 file changed, 2 deletions(-)

(limited to 'debian/vyos-1x.postinst')

diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index e70db93b5..837fcf995 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -91,7 +91,6 @@ if ! grep -q '^radius_user' /etc/passwd; then
     adduser --quiet radius_user adm
     adduser --quiet radius_user dip
     adduser --quiet radius_user users
-    adduser --quiet radius_user aaa
 fi
 
 # Add RADIUS admin user for RADIUS authenticated users to map to
@@ -107,7 +106,6 @@ if ! grep -q '^radius_priv_user' /etc/passwd; then
     adduser --quiet radius_priv_user disk
     adduser --quiet radius_priv_user users
     adduser --quiet radius_priv_user frr
-    adduser --quiet radius_priv_user aaa
 fi
 
 # add hostsd group for vyos-hostsd
-- 
cgit v1.2.3