(RADIATOR) Cisco VPN 3030 and multiple handlers?
Jeff Wolfe
wolfe at ems.psu.edu
Thu May 13 20:45:09 CDT 2004
Hugh Irvine wrote:
>
> Hello Jeff -
>
> I am not quite sure how you want to do the authorisation, but if you
> want to chain multiple AuthBy clauses you should use an AuthByPolicy to
> control the execution sequence. Something like this:
>
> AuthByPolicy ContinueWhileAccept
>
> <AuthBy FILE>
> .....
> </AuthBy>
>
> <AuthBy KRB5>
> .....
> </AuthBy>
>
> If you tell me a bit more about your requirements I will try to make
> some sensible suggestions.
>
That sounds like what I'm looking for. I want to control who can authenticate
to the kerberos realm based on the called-station-id. If the called-station-id
matches my wirless interface IP, then I want anyone in the realm to be able to
authenticate. If the called-station-id matches my remote access interface IP, I
want to apply an additional check to see if the user is in a list (preferably
an SQL table) before I allow them to auth against the kerberos realm. If
they're not on the list, they're denied, if they're on the list, they have to
auth against the kerberos realm.
Thanks!
-JEff
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list