Federico Giannici wrote: > Alan DeKok wrote: >> Federico Giannici wrote: >>> Now we have to check every authentication against TWO different >>> passwords (it's OK if ONE is matched). Something like setting two >>> different and alternative "User-Password" attributes... >> Sort of. See doc/configurable_failover. > > I read it, but I'm a little confused... > > How can I use it to make the AUTHENTICATE sections to be tried a SECOND > time (with a different Cleartext-Password set by an authorization > module), if the first time the authentication failed?
OK, I think I understood how to implement it by means of group{}: if the pap/chap/etc authentication fails then I have to call the authentication routine of my module to change the "Cleartext-Password" and then call the pap/chap/etc authentication again. I'm I right? But the following sentence of "doc/configurable_failover" perplexes me: "authenticate{...}" itself is not a GROUP, even though it contains a list of Auth-Type GROUPs, because its semantics are totally different - it uses Auth-Type to decide which of its members to call, and their order is irrelevant. Currently the default authenticate{...} configuration contains a call to eap WITHOUT any Auth-Type! Is that sentence still correct? Thanks. -- ___________________________________________________ __ |- [EMAIL PROTECTED] |ederico Giannici http://www.neomedia.it ___________________________________________________ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html