Multiple authentication methods at the same time?

Thomas A. Fine fine at head.cfa.harvard.edu
Wed Feb 16 22:23:58 CET 2011


Hi,

I thought this would be easy but now I'm wondering if it will be
possible at all.  We are transitioning to a DMZ for all ssh logins.
During phase one, people will use a standard (but different than
internal) password which will be obtained either through LDAP or
the passwd module (we just haven't picked one yet, either should
be fine).

But eventually the DMZ ssh will need to be OTP.  So I wanted to
be able to offer OTP as an option during transition for people to
try out and get used to while still being able to use their other
traditional password.

So fallback in the case of one method (e.g. LDAP) being unavailable
is pretty easy.  But in this case both methods would be available,
and I'd want to test the password against both methods.

Is this even possible?  It seems like once it has found a working
module in authorize, it can only use that one module in authenticate.

What's the solution?

      tom

      tom



More information about the Freeradius-Users mailing list