<br><br><div class="gmail_quote">On Fri, Jan 11, 2013 at 9:47 AM, Ben Hood <span dir="ltr"><<a href="mailto:0x6e6562@gmail.com" target="_blank">0x6e6562@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div><br></div><div>Can this also be made to work in conjunction with an LDAP provider, i.e. by chaining the supported LDAP backend with a custom backend to additionally validate the the token? I wondering whether you can require the client to answer both a username/password challenge (evaluated by the supported LDAP auth backend) as well as having the token checked by the the custom backend? Does the protocol and wiring flow allow for the LDAP backend to get re-used in this way or would you need to implement the custom backend that wraps the lookup against the LDAP directory and the lookup against the Radius server?</div>
</blockquote><div><br></div><div>If I recall correctly, one backend or the other would have to know about the other one and take care of the chaining rather than something like this being possible in the Rabbit configuration. The backend chosen to go with a given connection is basically the first one in the rabbitmq.config file's list of backends that succeeds as they're tried in order, and is bound irrevocably to that session thereafter.</div>
<div><br></div><div>Pursuing this outcome you might be able to call into specific parts of the LDAP backend as helpers, but a good hunk of your hybrid auth logic would be in your plugin itself.</div><div><br></div></div>