server abfab-idp {
authorize {
- psk_authorize
+ psk_authorize
abfab_client_check
filter_username
preprocess
# cui
suffix {
- updated = 1
+ updated = 1
noop = reject
- }
+ }
eap {
ok = return
}
-sql
#
- # Instead of sending the query to the SQL server,
- # write it into a log file.
- #
-# sql_log
-
- #
# Un-comment the following if you want to modify the user's object
# in LDAP after a successful login.
#
exec
# Remove reply message if the response contains an EAP-Message
remove_reply_message_if_eap
+
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_rp_proxy
+
# Access-Reject packets are sent through the REJECT sub-section of the
# post-auth section.
#
# 'edir_account_policy_check = yes' in the ldap module configuration
#
Post-Auth-Type REJECT {
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_rp_proxy
+
# log failed authentications in SQL, too.
-sql
attr_filter.access_reject
# authentication failure And already has an EAP message
# For non-ABFAB, we insert the failure all the time, but for ABFAB
# It's more desirable to preserve reply-message when we can
-if &reply:Eap-Message {
+ if (&reply:Eap-Message) {
eap
- }
+ }
# Remove reply message if the response contains an EAP-Message
remove_reply_message_if_eap
}
+
+ # Uncomment to enable logging of certain Moonshot attributes. See
+ # mods-available/moonshot_custom_linelog.
+ # log_moonshot_authn_rp_proxy
}
#
# When the server decides to proxy a request to a home server,