ClearBox Server v1.2 Developer's Guide |
ITACACSProxyPolicy::CheckAuthenticationCalled by server before forwarding authentication packet (via FOLLOW action) to remote server to give extension chance to reject packet. HRESULT CheckAuthentication( [in] long tag, [in] TAC_AUTHEN_LITE * authenInfo, [out] VARIANT_BOOL * authenOK); Parameters
Return ValuesIf extension returns error code, it is assumed that packet will be forwarded normally. Thread SafetyThis method is called in context of WORK thread. (See Server Threads Model for details.) You should synchronize data which is shared with other threads. Memory ManagementMemory for authenInfo fields is allocated and freed by server, so extension must not change them. RemarksAlthough server extension may reject packet in ITACACSRealmStripping::TACACSRealmStripAuthen, it is more clear logically to make it hear, as TACACSRealmStripAuthen is suited for realm stripping. Example CodeThis code will reject all users requesting privilege level higher than 1, all other packets are forwarded. STDMETHODIMP CTest::CheckAuthentication( long tag, TAC_AUTHEN_LITE * authenInfo, VARIANT_BOOL * authenOK) { if (authenInfo->privilege_level>1) *authenOK=VARIANT_FALSE; else *authenOK=VARIANT_TRUE; return S_OK; } See AlsoITACACSProxyPolicy, TACACS+ realm stripping and forwarding process © 2001-2003 XPerience Technologies. www.xperiencetech.com |
Created by chm2web html help conversion utility. |