x.auth - Authentication Hooks

Authentication table t

The table passed in each authentication hook, a table is passed to the function:

Key Type Description
t.server string Name of the service. ftp, tcp, web, ppp, passthru
t.channel integer/nil The channel number (if appropriate)
t.username string Username string
t.hash string SHA-1 hash of password (or nil for PPP)
t.interface string ppp0s, et0, lo0
t.modem boolean/nil true or nil
t.pppuser string nil or true
t.peer string nil or IP address

FTP, TCP, Web, Pass-through Authentication

x.auth.ftp = function(t)
x.auth.tcp = function(t)
x.auth.passthru = function(t)
x.auth.web = function(t)

Called every time an authentication is performed for the particular service. Called before any reference to RADIUS, the function is passed a Lua table.

Function Return Values

The return values signal to the ip.buffer what to do with this authentication request:

Return Type Value Description
nil continue as before (use RADIUS or Local as programmed)
integer -1 Timeout simulated. Fall back to local
integer 0 Reject request
integer 1-4 Accept for channel 1 to 4
string 'R' Fallback to RADIUS
string 'B' Fallback to Both – RADIUS & Local
string 'T' Fallback to RADIUS and Local on Timeout
string 'L' Fallback to Local

PPP Authentication

x.auth.ppp = function(table)

Called when a PPP user is authenticated.
The table structure is #Authentication table t.

Function Return Values

Return Type Value Description
nil continue as before (Lua function has no view on this user)
boolean false deny user
string Secret Store keyname to use as the PPP password for the given username.
nil, string absolute password to compare for the given username