On Mon, Nov 12, 2018, 08:02 SergeyKh <[email protected] wrote: > oh i see. thank you very much. > do you any have plans to make some kind of flexible authorization that > could use one or two authorization sources like radius? > ldap+radius or radius+radius or local-sql+radius > ? >
Guacamole does already do this. Once the user has been authenticated, each extension is polled to authorize that user for the resources provided by that extension, if any. There can be only one source of identity, but all other extensions have the option to further verify, ignore, or veto that identification. Based on your past emails to this list, I don't think what you're looking for is multiple sources of authorization (which Guacamole does provide) or multiple sources of authentication (which Guacamole also provides), but rather allowing RADIUS to function as an additional authentication factor rather than the first factor. There are no current plans to modify the RADIUS support to allow it to function as an additional factor on top of other authentication mechanisms. If this truly is a standard arrangement - RADIUS serving as a second/third/etc. factor on top of whatever source has provided the base authentication, then I'm sure there will be such plans, though we'd need to see some documentation of that standard use. I'm not personally familiar enough with RADIUS to judge either way at the moment. - Mike
