get groupid/privilege-level through pam/radius

Hi

I am trying to use pam_radius_auth for authentication. I have this
requirement that the access to the users should be controlled based on
their privilege level. However pam or radius does not seem to deal with
the issue of privilege level. I can try to get something like a group
id information from radius through vendor-specific-attributes. but
there doesnt seem to a standard function to retrieve the group id
(privilege level) from pam modules. I can potentially use environment
variables (pam_putenv/pam_setenv) to pass this information, but that
would require modifying all my applications like login,ftp etc. Would i
have to make something like a nss_radius if i want to do this(of course
i wont have the password information in the returned structure - just
put that in so people dont shout security breach).
Has any one faced a problem like this? Can somebody please give me
suggestions as to how i should go about implementing this radius based
authentication through pam. Please help

Thanks
Ganesh