2 # Sample of a policy language for rlm_policy.
4 # As of 2.0.0, the new configuration "un-language" (unlang) supports
5 # significantly more features than rlm_policy. It has also
6 # been more thoroughly tested. rlm_policy is deprecated
7 # and will be removed in a future release.
10 # There's no documentation other than this file.
12 # The syntax is odd, but it sort of works.
13 # It's not intended for production use.
14 # Use it if you want obscure error messages and possibly server crashes.
18 # Debugging statements: each "debug" line turns on one kind of diagnostic output (this sample is not intended for production use; see the header)
20 #debug print_tokens # commented out; would print tokens as this file is being parsed
21 debug print_policy # print the policy once the file has been parsed
22 debug evaluate # print limited information during evaluation; NOTE(review): what is printed, and where it goes, is not shown in this file - confirm before leaving it enabled outside a test setup
28 if (Time-Of-Day < "15:00") {
30 # Use ARAP-Password for testing because it's an attribute that nothing else uses.
32 ARAP-Password = "< 15:00"
39 # A named policy, executed during the "authorize" phase,
40 # because it's named "authorize".
44 if (!(CHAP-Challenge)) {
45 print "Adding CHAP-Challenge = %{request:Packet-Authentication-Vector}\n"
48 # Append all attributes to the specified list.
49 # The per-attribute operators MUST be '='
52 CHAP-Challenge = "%{request:Packet-Authentication-Vector}"
57 # Use per-attribute operators to do override, replace, etc.
58 # It's "control", not "check items", because "check items"
59 # is a hold-over from the "users" file, and we no longer like that.
67 # This could just as well be "%{ldap: query...}" =~ ...
69 # if ("%{User-Name}" =~ "^(b)") {
71 # Arap-Password = "Hello, %{1}"
76 # Execute "3pm" as if it were written in-line here.