Auth-Type triggers special behaviour for authenticating the
user. The possible values are:
- Reject. Any access request will always be rejected. This is useful
for temporarily disabling logins for a given user.
- Accept. Forces acceptance, regardless of any following check
items. Use with caution.
- Reject:message. Same as for Reject, except that the message (which
can be any string) will be sent back to the user in a Reply-Message
(provided the enclosing Realm or Handler has RejectHasReason set).
This may be useful for telling your user why their login has been
rejected.
- Ignore. Any access request will always be ignored (i.e. no reply
will be sent back to the NAS). This is sometimes useful for triggering
special behaviour in cascaded AuthBy clauses.
- Anything else. Any other word specifies an Identifier in an AuthBy
clause which will used to authenticate the user. The name is matched
with the name specified in the Identifier parameter in an AuthBy
clause. You can name any other type of AuthBy module, be it SQL,
RADIUS, UNIX etc. Specifying Auth-Type for a user causes the
authentication to be cascaded to another authentication module. You
can cascade authentications like this to any arbitrary depth.
The Auth-Type check item is most useful when you want to have
check items and/or reply items, but also want to authenticate with native
Unix or NT passwords.
Checks all users using the authentication
method that has the identifier System:
DEFAULT Auth-Type = System
If
you want to temporarily disable logins for a single user:
username Auth-Type = Reject
This
one rejects the user and tells them why:
username Auth-Type = "Reject:you did not pay your bill"
This
will first authenticate with the Identifier System, and if they are also
in the group "staticip", they will continue to be authenticated with the
AuthBy clause that has the Identifier "statics":
DEFAULT Auth-Type=System, Group=staticip, Auth-Type=statics
