Forum Discussion
hooleylist
Feb 11, 2010Cirrostratus
By the way, part of the info I received from Support from C606593 was:
The error codes for AUTH::status correspond to the PAM API. There isn't a separate status code for [OCSP] revoked, so we didn't alter the AUTH::status command.
The error codes returned by AUTH::response_data for the error cases you're inquiring about largely come from OpenSSL directly. We don't have any information over why they decided to choose certain classes of error strings over others.
For RADIUS, on a successful response, AUTH::response data will contain the attributes returned by the server with a form of radius:attr: .
Similarly, for TACACS, the attributes will be with a form of tacplus:attr: .
For Kerberos, they will be with a form of krbdelegate:attr: .
For CRLDP, no attributes are returned.
In all of these cases, no results are returned if there is an error. Note that in the future, the general plan is for the APM functionality to supercede this iRule authentication, authorization, and error handling functionality.
Aaron