Thanks for the suggestions; the key hint you and Hugh gave me is that
both DUO and RADIUS always return IGNORE (or REJECT in certain failure
modes), never ACCEPT. What I came up with looks like a combination of
your suggestions:
AuthByPolicy ContinueWhileAccept
AuthByPolicy

Hello again -
Actually, I think Heikki’s answer is correct, due to the AuthBy DUO returning
IGNORE.
It’s simpler too, although if the AuthBy DUO returns REJECT you’ll still call
the AuthBy RADIUS.
regards
Hugh
On 9 Nov 2013, at 10:40, Hugh Irvine wrote:
>
> Hello Christopher -
>
> What

Hello Christopher -
What are the possible return values from your LDAP2 and DUO clauses?
If I understand what you describe correctly you should be able to do this:
AuthByPolicy ContinueWhileIgnore
AuthByPolicy ContinueWhileAc

Hello Christopher,
here's my take:
AuthByPolicy ContinueWhileReject
AuthByPolicy ContinueWhileAccept
AuthBy LDAP2
AuthBy DUO
# DUO is async, returns IGNORE, just like RADIUS
AuthBy RADIUS
If LDAP happens to be down or returns an error, AuthBy

That would seem to yield the effective logic:
    AuthBy LDAP2
    if result = ACCEPT
    then
        AuthBy DUO
        if result != ACCEPT
        then
            AuthBy RADIUS
        endif
    endif
which is not what I want - either DUO or RADIUS should be invoked, never
both; which one is invoked is determined by the result of LDA

Hello Christopher -
Something like this:
AuthByPolicy ContinueWhileAccept
AuthBy LDAP2
AuthByPolicy ContinueUntilAccept
AuthBy DUO
AuthBy RADIUS

I have a need to handle multiple authentication methods which returns
something like this:
    AuthBy LDAP2
    if result = ACCEPT
    then
        AuthBy DUO
    else
        AuthBy RADIUS
with the ultimate authentication result coming from either the DUO or
RADIUS module. I tried to figure out a way to arrange
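
The chaining behaviour debated in this thread can be traced with a small simulator. This is an added example, not code from any of the messages and not Radiator's own implementation. It assumes that the two AuthByPolicy lines in each suggestion belong to an outer and an inner group (the nesting shown in HEIKKI and HUGH is that assumption), that a group returns the result of the last module it tried, and that DUO and RADIUS return IGNORE immediately, as stated in the thread.

```python
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> "keep going after this result?" (only policies named in the thread)
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
}

def run(node, results, called):
    """node is a module name or (policy, [children]).
    Returns the result of the last module tried, recording call order."""
    if isinstance(node, str):
        called.append(node)
        return results[node]
    policy, children = node
    result = IGNORE
    for child in children:
        result = run(child, results, called)
        if not POLICIES[policy](result):
            break
    return result

# Assumed nesting of the two suggestions (the group structure is an assumption)
HEIKKI = ("ContinueWhileReject",
          [("ContinueWhileAccept", ["LDAP2", "DUO"]), "RADIUS"])
HUGH = ("ContinueWhileAccept",
        ["LDAP2", ("ContinueUntilAccept", ["DUO", "RADIUS"])])

def trace(config, ldap, duo=IGNORE, radius=IGNORE):
    """Return (modules called in order, immediate group result)."""
    called = []
    results = {"LDAP2": ldap, "DUO": duo, "RADIUS": radius}
    return called, run(config, results, called)

if __name__ == "__main__":
    # Constructed scenarios: (label, config, LDAP2 result, DUO result)
    for label, cfg, ldap, duo in [
        ("Heikki, LDAP2 accepts", HEIKKI, ACCEPT, IGNORE),
        ("Heikki, LDAP2 rejects", HEIKKI, REJECT, IGNORE),
        ("Heikki, DUO rejects", HEIKKI, ACCEPT, REJECT),
        ("Hugh, LDAP2 accepts", HUGH, ACCEPT, IGNORE),
        ("Hugh, LDAP2 rejects", HUGH, REJECT, IGNORE),
    ]:
        print(label, "->", trace(cfg, ldap, duo))
```

The "DUO rejects" row shows the caveat raised in the thread: a synchronous REJECT from DUO falls through to RADIUS, so the RADIUS backend must not be able to accept a user whose second factor was refused.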