My application is using a RADIUS client implementation in order to authenticate users (using username/password and a shared secret). In the response from the server (Access-Accept), various attributes are provided, and I use them for getting a few relevant user properties.
The problem: once in a while, I need to refresh the value of the "Class" attribute. I don't have the full credentials any more, only the user name, and I don't want to force the users to re-authenticate. Is there any way to fetch this attribute without the password?
The Class attribute is a session cookie which is returned by the RADIUS server in the authentication packets and then sent back by the RADIUS client in the accounting packets. I am pretty sure you cant refresh the Class attributes without re-authenticating.