[RADIATOR] Ideas on group and reply attribs parsing

Garry Shtern Garry.Shtern at twosigma.com
Thu Apr 4 07:40:22 CDT 2013


All,

I am trying to accomplish the following goal and would love ideas on the best way to accomplish it...


- Set up clients with identifiers.

- In the user file specify multiple defaults, with Client-Identifier, Auth-Type and optional Group attributes in check replies, and different reply attributes.

- Defined custom AuthBy with identifiers in the policy file.

Example:
(users)
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp1
                Custom-Attribute=1

DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp2
                Custom-Attribute=2

(policy)
<AuthBy LDAP2>
                Identifier Ldap
...
</AuthBy>

<AuthBy KRB5>
                Identifier Krb
...
</AuthBy>

<AuthBy GROUP>
                Identifier Krb-Ldap
                AuthByPolicy ContinueWhileAccept
                AuthBy Krb
                AuthBy Ldap
</AuthBy>

I want the following:

- Auth-Type Krb-Ldap called only once, which will verify the user's password and retrieve all the groups he is part of.

- Parse users file, matching the first DEFAULT where Group matches one of the groups that were retrieved above.

- Have AuthBy's that don't support Groups check just ignore it, instead of returning a reject.

Thanks!
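
A Python model of the selection behaviour asked for above, as an added example that is not part of the original post and is not Radiator code. The `authenticate` callback, the function names and the sample data are assumptions constructed for illustration.

```python
# Constructed sample mirroring the users file in the post (not real data).
USERS = """\
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp1
    Custom-Attribute=1

DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp2
    Custom-Attribute=2
"""

def parse_users(text):
    """Unindented line = entry name + check items; indented lines = reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            if not entries:
                raise ValueError("reply item before any entry")
            key, _, value = line.strip().rstrip(",").partition("=")
            entries[-1]["reply"][key.strip()] = value.strip()
        else:
            name, _, rest = line.partition(" ")
            checks = {}
            for item in filter(None, (i.strip() for i in rest.split(","))):
                key, sep, value = item.partition("=")
                if not sep:
                    raise ValueError(f"malformed check item: {item!r}")
                checks[key.strip()] = value.strip()
            entries.append({"name": name, "checks": checks, "reply": {}})
    return entries

def select_reply(entries, client_id, authenticate):
    """First-match selection; each Auth-Type backend is called at most once."""
    cache = {}
    for e in entries:
        c = e["checks"]
        if c.get("Client-Identifier", client_id) != client_id:
            continue
        auth_type = c.get("Auth-Type")
        if auth_type not in cache:
            cache[auth_type] = authenticate(auth_type)  # hypothetical: (ok, groups or None)
        ok, groups = cache[auth_type]
        if not ok:
            continue
        # groups is None: backend has no group support, so the Group check is ignored
        if "Group" in c and groups is not None and c["Group"] not in groups:
            continue
        return e["reply"]
    return None  # no entry matched: reject
```

With a backend that returns no groups, the first matching entry's reply attributes go to every user who authenticates, so entry order alone decides what those users receive.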
