[ < ] [ > ]   [ << ] [ Up ] [ >> ]         [Top] [Contents] [Index] [ ? ]

13.3.3 Auth-Failure-Trigger

This attribute specifies an external program or a Scheme expression to be run upon an authentication failure. The handling of this attribute depends upon its value:

If the value of Auth-Failure-Trigger begins with ‘/’, it is taken to contain a command line for invoking an external program. In this case radiusd invokes the program much the same way it does when handling Exec-Program attribute, i.e. the program is invoked with standard input closed, its standard output and standard error are captured and redirected to ‘radlog/radius.stderr’ file, the return value of the program is ignored.

If the value of Auth-Failure-Trigger begins with ‘(’, it is executed it as a Scheme expression. The return value of the expression is ignored.

This attribute is designed as a means to provide special handling for authentication failures. It can be used, for example, to increase failure counters and to block accounts after a specified number of authentication failures occurs. See section Controlling Authentication Probes, for the detailed discussion of its usage.

This document was generated by Sergey Poznyakoff on December, 6 2008 using texi2html 1.78.