@authentication

Variant of @execute which is only executed for authentication requests. Accepting from this pipeline allows execution to continue to the @authorization pipeline (if the request is not accounting-only). Rejecting from this pipeline will reject the request immediately.

Note: The @ prefix is required for pipeline blocks. The legacy syntax without @ (e.g., authentication {}) is deprecated and emits warnings. Use @authentication {} for new configurations.

See also

• Execution context - Available variables
• Actions - Available actions
• Pipeline directives - Control flow

Example

aaa {
    policy "DEFAULT" {
        handler "AUTH" {
            @authentication {
                backend "users";
                pap;
                accept;
            }
        }
    }
}