3.34.1. AuthByPolicy Previous topic Parent topic Child topic Next topic

This parameter allows you to control the behaviour of multiple AuthBy clauses inside this <AuthBy GROUP>. In particular, it allows you to specify under what conditions Radiator tries the next AuthBy clause. If you only have one AuthBy clause, AuthByPolicy is not relevant and is ignored.
You can specify more than one AuthBy clause for a single Realm, Handler, or <AuthBy GROUP>. The normal behaviour of Radiator is to try to authenticate with the first one. If that authentication method either Accepts or Rejects the request, then Radiator immediately sends a reply to the NAS. If the AuthBy ignores the request, then the next one is tried. That is the default behaviour, you can change it using AuthByPolicy. The permissible values of AuthByPolicy are:
  • ContinueWhileIgnore
    This is the default. Continue trying to authenticate until either Accept, Challenge, or Reject.
  • ContinueUntilIgnore
    Continue trying to authenticate until Ignore.
  • ContinueWhileAccept
    Continue trying to authenticate as long as it is Accepted.
  • ContinueUntilAccept
    Continue trying to authenticate until it is Accepted.
  • ContinueWhileChallenge
    Continue trying to authenticate as long as it is Challenged.
  • ContinueUntilChallenge
    Continue trying to authenticate until it is Challenged.
  • ContinueWhileReject
    Continue trying to authenticate as long as it is Rejected.
  • ContinueUntilReject
    Continue trying to authenticate until it is Rejected.
  • ContinueWhileAcceptOrChallenge
    Continue trying to authenticate as long as it is either Accepted or Challenged.
  • ContinueUntilAcceptOrChallenge
    Continue trying to authenticate until it is either Accepted or Challenged.
  • ContinueUntilRejectOrChallenge
    Continue trying to authenticate until it is either Reject or Challenged.
  • Anything else
    Always do every authentication method. Returns the result of the last one.
Here is an example of using AuthByPolicy:
# Authenticate with SQL, but if they are rejected 
# fall back to a flat file
AuthByPolicy ContinueWhileReject
<AuthBy SQL>
      ....
</AuthBy>
<AuthBy FILE>
      ....
</AuthBy>
You can only have one AuthByPolicy parameter and it applies to all the AuthBy clauses. You cannot change it between AuthBy clauses.
Tip
ContinueUntilAcceptOrChallenge is the most useful one when using EAP requests in an <AuthBy GROUP> with multiple internal AuthBys.