raddb/sites-available/channel_bindings

   1 #
   2 #  A virtual server which is used to validate channel-bindings.
   3 #
   4 #       $Id$
   5 #
   6 #
   7 #
   8 server channel_bindings {
   9 #
  10 #  Only the "authorize" section is needed.
  11 #
  12 authorize {
  13         if (GSS-Acceptor-Service-Name && (outer.request:GSS-Acceptor-Service-Name != GSS-Acceptor-Service-Name)) {
  14                 reject
  15         }
  16
  17         if (GSS-Acceptor-Service-Name || GSS-Acceptor-Realm-Name || GSS-Acceptor-Host-Name) {
  18                 update control {
  19                         Chbind-Response-Code := success
  20                 }
  21
  22                 #
  23                 #  ACK the attributes in the request.
  24                 #
  25                 #  If any one of these attributes don't exist in the request,
  26                 #  then they won't be copied to the reply.
  27                 #
  28                 update reply {
  29                         GSS-Acceptor-Service-Name = &GSS-Acceptor-Service-Name
  30                         GSS-Acceptor-Host-Name = &GSS-Acceptor-Host-Name
  31                         GSS-Acceptor-Realm-Name = &GSS-Acceptor-Realm-Name
  32                 }
  33         }
  34
  35         #
  36         #  Return "handled" so that the "authenticate" section isn't used.
  37         #
  38         handled
  39 }
  40 }