(RADIATOR) Dynamic selection of authentication module question ?

Markus Moeller huaraz at moeller.plus.com
Sat Feb 9 08:52:54 CST 2008


Is it possible to select an authentication module more dynamically (e.g. depending on the result of a previous module) ?

I was thinking of the following:

<AuthBy PAM>
        Identifier PAMAuthentication
        service radiusd
</AuthBy>

<AuthBy SQL>
        Identifier SQLAuthentication
        .
        .
</AuthBy>

<Realm>
        AuthByPolicy ContinueUntilReject
        AuthBy LDAPSelect
# Now call either AuthBy or pass it again through the correct realm  section
        AuthBy %{AuthID}
        AuthLog LogAuthentication
        # Log accounting to the detail file in LogDir
        AcctLogFileName %L/detail
# or
       Realm %{UserRealm}
#
</Realm>

<Realm local.com>
       AuthByPolicy ContinueUntilReject
       AuthBy SQLAuthentication
       AuthLog LogAuthentication
        # Log accounting to the detail file in LogDir
       AcctLogFileName %L/detail
</Realm>

<Realm central.com>
       AuthByPolicy ContinueUntilReject
       AuthBy PAMAuthentication
       AuthLog LogAuthentication
        # Log accounting to the detail file in LogDir
       AcctLogFileName %L/detail
</Realm>

Usually you would use the realm of a user to decide what to do with <REALM userrealm>, but in my case an  application can not provide the realm details. I can get the realm from an ldap server and can either set a variable, add it to the request as an attribute or as a check item. 
The only problem I have is I can not dynamically select the Authentication module nor process it via another Handler or Realm statement.

Or can I ?

Thank you
Markus
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080209/63bb78ac/attachment.html>


More information about the radiator mailing list