AuthenProto specifies which
authentication protocols are permitted for authentication. It is an
optional parameter. AuthenProto is available for all
AuthBy modules but its functionality depends on the
specific AuthBy. It does not affect proxying or
special AuthBy modules, such as <AuthBy
INTERNAL> which do their own request handling.
If the
authentication request is rejected because of this parameter setting, the
failure is logged as a WARNING in Radiator log, and
available for all AuthLog clauses as the failure
reason.
Allowed values for AuthenProto
are:
PAPCHAPMSCHAPMSCHAPv2SIPDigestEAPAuthorizeOnlyUnknown
The default value is PAP, CHAP, MSCHAP, MSCHAPv2, EAP,
AuthorizeOnly. The value is AuthorizeOnly if the
request does not match any of the other values but has Service-Type
attribute set to Authorize-Only. The value is Unknown
when the authentication protocol cannot be determined. The default for
AuthenProto covers the usual user authentication
protocols. Add Unknown to those
AuthBys that need to handle the authentication
requests that do not have the correct combination of any of the
following:
- CHAP attributes
- MSCHAP attributes
- MSCHAPv2 attributes
- User-Password attribute
- EAP-Message attributes
- Service-Type attribute set to Authorize-Only
Here is an example of using
AuthenProto:
# Allow PAP only
AuthenProto PAP
# Allow all CHAP variants
AuthenProto CHAP,MSCHAP,MSCHAPv2
# Empty list allows nothing
AuthenProto
# Unknown allows anything else. This allows PAP and requests that are not
# CHAP, MSCHAP, MSCHAPv2, SIPDigest, EAP or AuthorizeOnly
AuthenProto PAP, Unknown
