All,
I am trying to accomplish the following goal and would love ideas on the best
way to accomplish it...
- Set up clients with identifiers.
- In the user file specify multiple defaults, with Client-Identifier,
Auth-Type and optional Group attributes in check replies, and different reply
attributes.
- Define custom AuthBy with identifiers in the policy file.
Example:
(users)
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp1
    Custom-Attribute=1
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp2
    Custom-Attribute=2
(policy)
<AuthBy LDAP2>
Identifier Ldap
...
</AuthBy>
<AuthBy KRB5>
Identifier Krb
...
</AuthBy>
<AuthBy GROUP>
Identifier Krb-Ldap
AuthByPolicy ContinueWhileAccept
# Each AuthBy line names the Identifier of a clause defined above
AuthBy Krb
AuthBy Ldap
</AuthBy>
I want the following:
- Auth-Type Krb-Ldap called only once, which will verify the user's
password and retrieve all the groups he is part of.
- Parse users file, matching the first DEFAULT where Group matches one
of the groups that were retrieved above.
- Have AuthBy's that don't support Groups check just ignore it,
instead of returning a reject.
Thanks!
_______________________________________________
radiator mailing list
http://www.open.com.au/mailman/listinfo/radiator
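
The evaluation order requested in the post, modelled in Python as an added example; it is not part of the original message and is not Radiator configuration or Radiator's API. The backend callable and its (accepted, groups) return value are assumptions made for illustration, and the users-file sample is constructed from the post's own entries.

```python
# Model of the requested behaviour only; this is not Radiator code.
# Constructed sample in the post's users-file layout: check items on the
# entry line, reply items on the indented line that follows.
USERS = """\
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp1
    Custom-Attribute=1
DEFAULT Client-Identifier=abc, Auth-Type=Krb-Ldap, Group=grp2
    Custom-Attribute=2
"""

def parse_items(text):
    """'A=1, B=2' -> {'A': '1', 'B': '2'}"""
    return dict(i.strip().split("=", 1) for i in text.split(",") if i.strip())

def parse_users(text):
    """Return [(check_items, reply_items)] in file order."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():          # indented line: reply items
            entries[-1][1].update(parse_items(line))
        else:                          # "NAME check, check, ..."
            entries.append((parse_items(line.partition(" ")[2]), {}))
    return entries

def authorize(client_id, user, password, entries, backends):
    """backends maps Auth-Type to a hypothetical callable returning
    (accepted, groups); groups is None when that backend has no group data."""
    cache = {}                         # each Auth-Type runs at most once
    for checks, reply in entries:
        if checks.get("Client-Identifier") != client_id:
            continue
        auth_type = checks.get("Auth-Type")
        if auth_type not in backends:
            continue                   # unknown Auth-Type never accepts
        if auth_type not in cache:
            cache[auth_type] = backends[auth_type](user, password)
        accepted, groups = cache[auth_type]
        if not accepted:
            continue
        # A backend without group data skips the Group check; otherwise
        # the entry matches only if the user is in the named group.
        if groups is None or "Group" not in checks or checks["Group"] in groups:
            return reply               # first matching DEFAULT wins
    return None                        # nothing matched: reject
```

Skipping the Group check for a backend without group data means every user that backend accepts receives the first entry's reply attributes, so entry order decides what such users are granted.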