Re: Check against TWO possible password?
Federico Giannici wrote:
> Federico Giannici wrote:
>> Alan DeKok wrote:
>>> Federico Giannici wrote:
>>>> Now we have to check every authentication against TWO different
>>>> passwords (it's OK if ONE is matched). Something like setting two
>>>> different and alternative "User-Password" attributes...
>>>
>>> Sort of. See doc/configurable_failover.
>>
>> I read it, but I'm a little confused...
>> How can I use it to make the AUTHENTICATE sections to be tried a SECOND
>> time (with a different Cleartext-Password set by an authorization
>> module), if the first time the authentication failed?
>
> OK, I think I understood how to implement it by means of group{}: if the
> pap/chap/etc authentication fails then I have to call the authentication
> routine of my module to change the "Cleartext-Password" and then call
> the pap/chap/etc authentication again.
> Am I right?

OK, it seems to work.
At the end of this email there is my authenticate{} section.
Is it correct?
Is there a simpler way to implement it?
Please note that "nm" is my custom module that eventually does a
pairreplace() of the "User-Password" attribute. It only returns
RLM_MODULE_UPDATED or RLM_MODULE_NOOP.
Thanks.

authenticate {
    Auth-Type PAP {
        group {
            # First attempt: a reject is only remembered (priority 1),
            # so processing continues with the next module.
            pap {
                notfound = return
                noop = return
                ok = return
                updated = return
                fail = return
                reject = 1
                userlock = return
                invalid = return
                handled = return
            }
            # Custom module: noop (no password replaced) ends with reject,
            # updated continues to the second attempt.
            nm {
                noop = reject
                updated = 1
            }
            # Second attempt: whatever it returns is final.
            pap {
                notfound = return
                noop = return
                ok = return
                updated = return
                fail = return
                reject = return
                userlock = return
                invalid = return
                handled = return
            }
        }
    }
    # Same pattern as the PAP block, using chap.
    Auth-Type CHAP {
        group {
            chap {
                notfound = return
                noop = return
                ok = return
                updated = return
                fail = return
                reject = 1
                userlock = return
                invalid = return
                handled = return
            }
            nm {
                noop = reject
                updated = 1
            }
            chap {
                notfound = return
                noop = return
                ok = return
                updated = return
                fail = return
                reject = return
                userlock = return
                invalid = return
                handled = return
            }
        }
    }
    # Same pattern as the PAP block, using mschap.
    Auth-Type MS-CHAP {
        group {
            mschap {
                notfound = return
                noop = return
                ok = return
                updated = return
                fail = return
                reject = 1
                userlock = return
                invalid = return
                handled = return
            }
            nm {
                noop = reject
                updated = 1
            }
            mschap {
                notfound = return
                noop = return
                ok = return
                updated = return
                fail = return
                reject = return
                userlock = return
                invalid = return
                handled = return
            }
        }
    }
}

--
___________________________________________________
__
|- giannici@neomedia.it
|ederico Giannici http://www.neomedia.it
___________________________________________________
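
The PAP group from the message above, traced in a small Python model (an added example, not part of the original post and not FreeRADIUS code). It assumes a simplified reading of the return-code actions ("return", "reject", or a numeric priority); `run_group`, `authenticate` and the request keys `submitted`, `known_good` and `alternate` are hypothetical names.

```python
import hmac

RETURN, REJECT = "return", "reject"
CODES = ("notfound", "noop", "ok", "updated", "fail",
         "reject", "userlock", "invalid", "handled")

def run_group(steps, request):
    """Run (module, {code: action}) pairs in order and return the final code."""
    result, best = "reject", 0              # assumed starting state of the model
    for module, actions in steps:
        code = module(request)
        action = actions[code]              # KeyError: code the config does not list
        if action == RETURN:                # stop and keep this module's code
            return code
        if action == REJECT:                # stop and force a reject
            return "reject"
        if action >= best:                  # tie rule is an assumption; it does
            result, best = code, action     # not change the outcome for this config
    return result

def pap(request):
    # Stand-in for PAP: compare the submitted password with the known-good one.
    same = hmac.compare_digest(request["submitted"].encode(),
                               request["known_good"].encode())
    return "ok" if same else "reject"

def nm(request):
    # Stand-in for the poster's module: replace the known-good password once.
    if request["alternate"] is None:
        return "noop"
    request["known_good"], request["alternate"] = request["alternate"], None
    return "updated"

ALL_RETURN = dict.fromkeys(CODES, RETURN)
PAP_GROUP = [
    (pap, {**ALL_RETURN, "reject": 1}),     # first try: remember reject, go on
    (nm, {"noop": REJECT, "updated": 1}),   # no second password: reject now
    (pap, ALL_RETURN),                      # second try: result is final
]

def authenticate(submitted, known_good, alternate=None):
    request = {"submitted": submitted, "known_good": known_good,
               "alternate": alternate}      # constructed sample request
    return run_group(PAP_GROUP, request)

if __name__ == "__main__":
    for pw in ("first", "second", "wrong"):
        print(pw, "->", authenticate(pw, "first", "second"))
```

Rerunning the same table after editing an action list is a quick way to confirm that a password matching neither value never produces `ok`.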