<<

NAME

pf::util::radius - RADIUS related utilities

DESCRIPTION

RADIUS related functions necessary to send, receive and understand RADIUS packets.

RFC2882 Network Access Servers Requirements: Extended RADIUS Practices

  Disconnect-Request
  Disconnect-ACK
  Disconnect-NAK

  CoA-Request
  CoA-ACK
  CoA-NAK

RFC3576 Dynamic Authorization Extensions to RADIUS

WARNING

This module is not afraid to die (throw exceptions) when something goes wrong.

SUBROUTINES

perform_dynauth

dynauth (Dynamic Authentication) refers to the concept of a Server-initiated RADIUS dialog with a NAS

Note: It doesn't support attribute stacking on the same key.

$connection_info is an hashref with following supported attributes:

  nas_ip - IP of the dynauth server
  nas_port - port of the dynauth server (default: 3799)
  secret - secret of the dynauth server
  timeout - number of seconds before the socket times out (default: 5)
  LocalAddr - local IP for the connection (directly passed to IO::Socket::INET)

$attributes is an hashref of the attribute_name => value form

$vsa (vendor specific attributes) is an arrayref like this:

  { attribute => $attribute_name, vendor => $vendor_name, value => $value }

Returns an hashref with

  Code => RADIUS reply code

and

  $attribute_name => $attribute_value

for every attribute returned.

perform_disconnect

Sending RADIUS disconnect message to a NAS. Attributes must be provided.

Note: It doesn't support attribute stacking on the same key.

$connection_info is an hashref with following supported attributes:

  nas_ip - IP of the dynauth server
  nas_port - port of the dynauth server (default: 3799)
  secret - secret of the dynauth server
  timeout - number of seconds before the socket times out (default: 5)

$attributes is an hashref of the attribute_name => value form

$vsa (vendor specific attributes) is an arrayref like this:

  { attribute => $attribute_name, vendor => $vendor_name, value => $value }

Returns an hashref with

  Code => RADIUS reply code

and

  $attribute_name => $attribute_value

for every attribute returned.

perform_coa

Sending RADIUS Change of Authorization (CoA) message to a NAS. Attributes must be provided.

Note: It doesn't support attribute stacking on the same key.

$connection_info is an hashref with following supported attributes:

  nas_ip - IP of the dynauth server
  nas_port - port of the dynauth server (default: 3799)
  secret - secret of the dynauth server
  timeout - number of seconds before the socket times out (default: 5)

$attributes is an hashref of the attribute_name => value form

$vsa (vendor specific attributes) is an arrayref like this:

  { attribute => $attribute_name, vendor => $vendor_name, value => $value }

Returns an hashref with

  Code => RADIUS reply code

and

  $attribute_name => $attribute_value

for every attribute returned.

AUTHOR

Inverse inc. <info@inverse.ca>

COPYRIGHT

Copyright (C) 2005-2015 Inverse inc.

LICENSE

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

<<