Federico Giannici wrote:
Alan DeKok wrote:
Federico Giannici wrote:
Now we have to check every authentication against TWO different passwords (it's OK if ONE is matched). Something like setting two different and alternative "User-Password" attributes... Sort of. See doc/configurable_failover.
I read it, but I'm a little confused...
How can I use it to make the AUTHENTICATE sections to be tried a SECOND time (with a different Cleartext-Password set by an authorization module), if the first time the authentication failed?
OK, I think I understood how to implement it by means of group{}: if the pap/chap/etc authentication fails then I have to call the authentication routine of my module to change the "Cleartext-Password" and then call the pap/chap/etc authentication again. I'm I right? But the following sentence of "doc/configurable_failover" perplexes me: "authenticate{...}" itself is not a GROUP, even though it contains a list of Auth-Type GROUPs, because its semantics are totally different - it uses Auth-Type to decide which of its members to call, and their order is irrelevant. Currently the default authenticate{...} configuration contains a call to eap WITHOUT any Auth-Type! Is that sentence still correct? Thanks. -- ___________________________________________________ __ |- giannici@neomedia.it |ederico Giannici http://www.neomedia.it ___________________________________________________