Proxy on Fail.. Or intelligent proxy...Or Utilize multiple acocunt directories

[Alan DeKok]

Larry Ross wrote:
> I am looking at configuring FR to Auth accounts across multiple account
> directories.  Basically I would like FR to take in PAP queries, attempt
> Auth against krb, then if that comes back as a fail, try a secondary
> Radius server (Eduroam…) or module (Shibboleth).

  That's hard.

> We are looking at this as we foresee collisions occurring between
> accounts residing within other universities and our local guest accounts
> (which use email address as the principal).

  The simple answer is "don't have colliding usernames".

  Use email addresses for logins, *especially* for roaming users from
other universities.

  Having colliding usernames is very bad for a number of reasons.

  Alan DeKok.