Request about implementation of alternate authentication mechanism in freeradius
Matthew Newton
mcn4 at leicester.ac.uk
Tue Apr 29 16:25:04 CEST 2014
On Tue, Apr 29, 2014 at 04:08:09PM +0200, Michal Vymazal wrote:
> Not exactly.
> We want to enable ldap to use more than one password for one service.
>
> Meaning: if hash no. 1 does not match, ldap will try hash no. 2, etc.
So you configure one ldap instance (say, "ldap1") to do the first
hash check, and a second ldap instance ("ldap2") to check the second
hash, then do
    redundant {
        ldap1
        ldap2
    }
so if the first check fails, the second one is tried?
As on http://wiki.freeradius.org/config/Fail%20over
Unless I'm missing something, I don't understand yet why this
needs additional code. Although ldap is a lookup database not
really an auth mechanism, so you might do two lookups, then call
pap in a redundant section, for example. But the theory is the
same.
Matthew
> On 29.4.2014 16:02, Matthew Newton wrote:
> > On Tue, Apr 29, 2014 at 02:44:12PM +0200, Michal Vymazal wrote:
> >> We are going to append binary code to some ldap modules - the goal is to
> >> enable ldap to use "alternate passwords" for some ldap entries. This means
> >> every app using ldap bind will be able to use "alternate passwords" to verify
> >> the user access. Useful for the environment of mobile devices etc.
> >
> > This is difficult to understand, but sounds like you want to just
> > use two instances of ldap, checking different LDAP password
> > attributes, with failover? In which case, no code changes
> > required.
> >
> > Matthew
> >
> >
>
>
> --
> Michal Vymazal
> work: CESNET, z.s.p.o.
> AAI Department
> Zikova 4, 160 00 Praha 6
> Czech Republic
> http://www.cesnet.cz/
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
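
The "hash no. 1, then hash no. 2" check discussed in this thread, sketched as an added example; it is not part of the original message and is not FreeRADIUS or LDAP server code. It assumes the entry's password attributes hold RFC 2307-style `{SHA}` or `{SSHA}` values, which the thread does not state; the function names and sample passwords are constructed for illustration.

```python
import base64
import hashlib
import hmac


def make_ssha(password: bytes, salt: bytes) -> str:
    """Build a {SSHA} value: base64(SHA1(password + salt) + salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def check_one(candidate: bytes, stored: str) -> bool:
    """Verify a candidate password against one {SHA} or {SSHA} value."""
    scheme, sep, b64 = stored.partition("}")
    if not sep or not scheme.startswith("{"):
        return False                      # no scheme prefix: refuse, never guess
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:                    # binascii.Error is a ValueError
        return False
    scheme = scheme[1:].upper()
    if scheme == "SHA" and len(raw) == 20:
        digest, salt = raw, b""
    elif scheme == "SSHA" and len(raw) > 20:
        digest, salt = raw[:20], raw[20:]  # the salt follows the 20-byte digest
    else:
        return False                      # unknown scheme or malformed length
    expected = hashlib.sha1(candidate + salt).digest()
    return hmac.compare_digest(expected, digest)  # constant-time comparison


def check_any(candidate: bytes, stored_values):
    """Return the index of the first stored hash that matches, else None.

    Every value is checked even after a match, so the time taken does not
    reveal which of the alternate passwords was the one supplied.
    """
    matched = None
    for i, stored in enumerate(stored_values):
        if check_one(candidate, stored) and matched is None:
            matched = i
    return matched


# Constructed sample entry: a primary password and an alternate for a mobile device.
ENTRY = [
    make_ssha(b"main-password", b"\x01\x02\x03\x04"),
    make_ssha(b"mobile-device-password", b"\x0a\x0b\x0c\x0d"),
]
```

The index returned by `check_any` tells the caller which password attribute matched, so a log line can distinguish a primary login from an alternate-password login.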