(RADIATOR) Dynamic selection of authentication module question ?
Markus Moeller
huaraz at moeller.plus.com
Sat Feb 9 08:52:54 CST 2008
Is it possible to select an authentication module more dynamically (e.g. depending on the result of a previous module) ?
I was thinking of the following:
<AuthBy PAM>
Identifier PAMAuthentication
service radiusd
</AuthBy>
<AuthBy SQL>
Identifier SQLAuthentication
.
.
</AuthBy>
<Realm>
AuthByPolicy ContinueUntilReject
AuthBy LDAPSelect
# Now call either AuthBy or pass it again through the correct realm section
AuthBy %{AuthID}
AuthLog LogAuthentication
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
# or
Realm %{UserRealm}
#
</Realm>
<Realm local.com>
AuthByPolicy ContinueUntilReject
AuthBy SQLAuthentication
AuthLog LogAuthentication
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
</Realm>
<Realm central.com>
AuthByPolicy ContinueUntilReject
AuthBy PAMAuthentication
AuthLog LogAuthentication
# Log accounting to the detail file in LogDir
AcctLogFileName %L/detail
</Realm>
Usually you would use the realm of a user to decide what to do with <REALM userrealm>, but in my case an application can not provide the realm details. I can get the realm from an ldap server and can either set a variable, add it to the request as an attribute or as a check item.
The only problem I have is I can not dynamically select the Authentication module nor process it via another Handler or Realm statement.
Or can I ?
Thank you
Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080209/63bb78ac/attachment.html>
More information about the radiator
mailing list