[RADIATOR] Ideas on group and reply attribs parsing
Garry Shtern
Garry.Shtern at twosigma.com
Thu Apr 4 07:40:22 CDT 2013
All,
I am trying to accomplish the following goal and would love ideas on the best way to accomplish it...
- Set up clients with identifiers.
- In the user file specify multiple defaults, with Client-Identifier, Auth-Type and optional Group attributes in check replies, and different reply attributes.
- Define custom AuthBy with identifiers in the policy file.
Example:
(users)
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp1
	Custom-Attribute=1
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp2
	Custom-Attribute=2
(policy)
<AuthBy LDAP2>
	Identifier Ldap
	...
</AuthBy>
<AuthBy KRB5>
	Identifier Krb
	...
</AuthBy>
<AuthBy GROUP>
	Identifier Krb-Ldap
	AuthByPolicy ContinueWhileAccept
	AuthBy krb-auth
	AuthBy ldap-auth
</AuthBy>
I want the following:
- Auth-Type Krb-Ldap called only once, which will verify the user's password and retrieve all the groups he is part of.
- Parse users file, matching the first DEFAULT where Group matches one of the groups that were retrieved above.
- Have AuthBy's that don't support Groups check just ignore it, instead of returning a reject.
Thanks!
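
Added example, not part of the original post and not Radiator code or its API: a stand-alone Python model of the evaluation order requested above, run over the users entries from the post. The names parse_users, authorize and krb_ldap, and the directory contents, are hypothetical and constructed for illustration.

```python
# Model only: shows the requested semantics, not how Radiator implements them.
USERS = """\
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp1
\tCustom-Attribute=1
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp2
\tCustom-Attribute=2
"""

def _pairs(text):
    """Turn 'A=1, B=2' into {'A': '1', 'B': '2'}."""
    return dict(i.strip().split("=", 1) for i in text.split(",") if i.strip())

def parse_users(text):
    """Return [(check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():                  # indented line: reply items
            entries[-1][1].update(_pairs(line))
        else:                                  # "DEFAULT check, check, ..."
            _name, _, checks = line.partition(" ")
            entries.append((_pairs(checks), {}))
    return entries

def authorize(entries, client_id, user, password, backends):
    """Reply items of the first matching entry, or None (reject)."""
    cache = {}                                 # Auth-Type -> (ok, groups)
    for checks, reply in entries:
        if checks.get("Client-Identifier") not in (None, client_id):
            continue
        auth_type = checks.get("Auth-Type")
        if auth_type not in backends:
            continue
        if auth_type not in cache:             # password check runs only once
            cache[auth_type] = backends[auth_type](user, password)
        ok, groups = cache[auth_type]
        if not ok:
            continue
        want = checks.get("Group")
        # groups is None: backend cannot check groups, so Group is ignored
        # and the first entry for this client wins.
        if want is None or groups is None or want in groups:
            return dict(reply)
    return None

DIRECTORY = {"alice": ("s3cret", {"grp2", "staff"})}   # constructed sample

def krb_ldap(user, password):
    """Stub for the combined password check and group lookup."""
    stored, groups = DIRECTORY.get(user, (None, set()))
    return (stored is not None and stored == password), groups

if __name__ == "__main__":
    print(authorize(parse_users(USERS), "abc", "alice", "s3cret",
                    {"Krb-Ldap": krb_ldap}))
```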