Want to silently discard the request if authentication module as web service client connecting to the web service server is down.

Alexander Clouter alex at digriz.org.uk
Wed Aug 10 08:20:53 CEST 2011


Ankur G <ankur.g at globallogic.com> wrote:
> 
> We have a slightly different scenario. We have two different instances of the
> web server connecting to two different RADIUS servers, such that if one of the
> RADIUS servers is not able to connect to the web server, the RADIUS client can
> fail over to another RADIUS server which has a different web server
> connecting. Find below the scenario:
> 
>  /--W1--\  --  /--- R1 ---\
>                                     --- C
>  /--W2--\  --  /--- R2 ---\
> 
Why can't R1 talk to W1 *and* W2?  Your module should be able to try 
using both surely (if W1 fails, it should try W2)?

I suspect it would be a strange network failure if W1 and W2 are 
unreachable to R1 but R2 could still speak to W2 (misconfiguration 
rather than node/router failure)?

Well, you should still use FAIL in your module rather than REJECT if 
something internal to the module has failed.  Combine this with what 
Alan already has pointed you to, do_not_respond in policy.conf, and you 
should be able to get to where you want to be.

Cheers

-- 
Alexander Clouter
.sigmonster says: If you sow your wild oats, hope for a crop failure.
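
The return-code choice described in the reply above, as an added example that is not part of the original post and not FreeRADIUS source: a module-side decision routine that tries W1 then W2 and reports FAIL, never REJECT, when no backend answers. The `RC_*` and `WS_*` enums, `ws_authenticate`, and the sample backends are assumptions made for illustration.

```c
#include <stddef.h>

/* Local stand-ins for the module return codes named in the reply
 * (REJECT, FAIL, OK); these are not the server's own headers. */
typedef enum { RC_REJECT, RC_FAIL, RC_OK } rcode_t;

/* Outcome of one call to a web service backend (hypothetical). */
typedef enum { WS_ACCEPT, WS_DENY, WS_UNREACHABLE } ws_result_t;

/* Hypothetical transport hook: asks backend `idx` about `user`. */
typedef ws_result_t (*ws_call_fn)(size_t idx, const char *user);

/* Try each backend in order (W1, then W2, ...). A definite answer
 * from any backend ends the search. Only "every backend was
 * unreachable" maps to FAIL, so an outage is never reported to the
 * server core as a credential rejection. */
rcode_t ws_authenticate(ws_call_fn call, size_t n_backends, const char *user)
{
    for (size_t i = 0; i < n_backends; i++) {
        switch (call(i, user)) {
        case WS_ACCEPT:      return RC_OK;
        case WS_DENY:        return RC_REJECT; /* real credential failure */
        case WS_UNREACHABLE: break;            /* leave switch, try next */
        }
    }
    return RC_FAIL; /* internal failure: the server may stay silent */
}

/* Constructed sample backends: index 0 is W1, index 1 is W2. */
static ws_result_t w1_down_w2_accepts(size_t idx, const char *user)
{ (void)user; return idx == 0 ? WS_UNREACHABLE : WS_ACCEPT; }

static ws_result_t w1_down_w2_denies(size_t idx, const char *user)
{ (void)user; return idx == 0 ? WS_UNREACHABLE : WS_DENY; }

static ws_result_t all_down(size_t idx, const char *user)
{ (void)idx; (void)user; return WS_UNREACHABLE; }

int main(void)
{
    /* Exit status 0 when all three constructed cases behave as described. */
    return !(ws_authenticate(w1_down_w2_accepts, 2, "alice") == RC_OK &&
             ws_authenticate(w1_down_w2_denies, 2, "alice") == RC_REJECT &&
             ws_authenticate(all_down, 2, "alice") == RC_FAIL);
}
```

With FAIL reserved for the outage case, the server-side policy mentioned in the reply (do_not_respond) can be applied to that result alone, and the RADIUS client's own timeout drives failover to the other server.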




More information about the Freeradius-Users mailing list