Federico Giannici wrote:
Alan DeKok wrote:Federico Giannici wrote:Now we have to check every authentication against TWO different passwords (it's OK if ONE is matched). Something like setting two different and alternative "User-Password" attributes...Sort of. See doc/configurable_failover.I read it, but I'm a little confused...How can I use it to make the AUTHENTICATE sections to be tried a SECOND time (with a different Cleartext-Password set by an authorization module), if the first time the authentication failed?
OK, I think I understood how to implement it by means of group{}: if the pap/chap/etc authentication fails then I have to call the authentication routine of my module to change the "Cleartext-Password" and then call the pap/chap/etc authentication again.
I'm I right? But the following sentence of "doc/configurable_failover" perplexes me:"authenticate{...}" itself is not a GROUP, even though it contains a list of Auth-Type GROUPs, because its semantics are totally different - it uses Auth-Type to decide which of its members to call, and their order is irrelevant.
Currently the default authenticate{...} configuration contains a call to eap WITHOUT any Auth-Type!
Is that sentence still correct?
Thanks.
--
___________________________________________________
__
|- giannici@neomedia.it
|ederico Giannici http://www.neomedia.it
___________________________________________________