Check against TWO possible password?
Federico Giannici
giannici at neomedia.it
Sun Feb 4 13:10:17 CET 2007
Federico Giannici wrote:
> Alan DeKok wrote:
>> Federico Giannici wrote:
>>> Now we have to check every authentication against TWO different
>>> passwords (it's OK if ONE is matched). Something like setting two
>>> different and alternative "User-Password" attributes...
>> Sort of. See doc/configurable_failover.
>
> I read it, but I'm a little confused...
>
> How can I use it to make the AUTHENTICATE sections to be tried a SECOND
> time (with a different Cleartext-Password set by an authorization
> module), if the first time the authentication failed?
OK, I think I understood how to implement it by means of group{}: if the
pap/chap/etc authentication fails then I have to call the authentication
routine of my module to change the "Cleartext-Password" and then call
the pap/chap/etc authentication again.
I'm I right?
But the following sentence of "doc/configurable_failover" perplexes me:
"authenticate{...}" itself is not a GROUP, even though it contains a
list of Auth-Type GROUPs, because its semantics are totally different -
it uses Auth-Type to decide which of its members to call, and their
order is irrelevant.
Currently the default authenticate{...} configuration contains a call to
eap WITHOUT any Auth-Type!
Is that sentence still correct?
Thanks.
--
___________________________________________________
__
|- giannici at neomedia.it
|ederico Giannici http://www.neomedia.it
___________________________________________________
More information about the Freeradius-Users
mailing list