Is there away to do this? We
are migrating from a flatfile auth system, to a hacked version of
AuthBySQL.pm, called AuthbyQIP. Now we need to keep authenticating
people off of the flat file, while also authenticating new people off the sql
database. Is there a way to do this?
Here's what I'm
thinking, it doesn't work, but I think it better illustrates what I'm trying
to do...
This is explained pretry well in the AuthBy secions of the
Handlers documentaion.
6.15.15 AuthBy
This specifies that the Handler
is to be authenticated with an <AuthBy> clause that is defined elsewhere.
The argument must specify the Identifier of the AuthBy clause to use. The AuthBy
clause may be defined anywhere else: at the top level, or in a Realm or Handler
clause. You can have as many AuthBy parameters as you wish. They will be used in
the order that they appear in the configuration file (subject to AuthByPolicy)
in the same way as <AuthBy > clauses.
----------------------
So according to this, you can place multiple AuthBy types in the same
handler or realm block, and the way
its parsed is controlled by the AuthByPolicy setting. Looks like you'd
perhaps want a ContinueWhileReject
type, so you'll only enter the 2nd AuthBy if the first one didnt get them
in, and not bother if they got authenticated
by the first method.
----------------------
6.21.1 AuthByPolicy
This parameter allows you to
control the behaviour of multiple AuthBy clauses inside this AuthBy GROUP. In
particular, it allows you to specify under what conditions Radiator will try the
next AuthBy clause. If you only have one AuthBy clause, AuthByPolicy is not
relevant and is ignored.
Recall that for a single Realm, Handler
or AuthBy GROUP, you can specify more than one AuthBy clause. The normal
behaviour of Radiator is to try to authenticate with the first one. If that
authentication method either Accepts or Rejects the request, then Radiator will
immediately send a reply to the NAS. If on the other hand the AuthBy Ignores the
request, then the next one will be tried. That is the normal and default
behaviour, but with AuthByPolicy, you can change it. The permissible values of
AuthByPolicy are:
- ContinueWhileIgnore
This is the default. Continue
trying to authenticate until either Accept or Reject
- ContinueUntilIgnore
Continue trying to authenticate
until Ignore
- ContinueWhileAccept
Continue trying to authenticate
as long as it is Accepted
- ContinueUntilAccept
Continue trying to authenticate
until it is Accepted
- ContinueWhileReject
Continue trying to authenticate
as long as it is Rejected
- ContinueUntilReject
Continue trying to authenticate
until it is Rejected
- anything
else
Always do every authentication
method. Returns the result of the last one.
|
