password failover

[Alan DeKok]

Norbert Wegener wrote:
> But it would be helpful for a service desk to know that an expired
> certificate was the reason to refuse access.
> My intention was to provide this information in radpostauth.
> It seems, this cannot be achived the way I tried. Is there another way
> to go for this?

  The code would have to be updated to look for one of many OpenSSL
error messages, and then log it.  Logging a "certificate expired"
message would be useful, I admit...

  Alan DeKok.