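rule twoauth {
    # Two-source authentication for HTTP Basic credentials: a request is
    # released to the pool only after BOTH the LDAP and the RADIUS auth
    # sessions have reported success for that same request. Any failure,
    # error or request for more credentials from either source ends the
    # request with a 401.
    #
    # State is kept in connection-scoped variables:
    #   ldap_authed / radius_authed - per-request success flags
    #   auth_pending                - 1 while the current request is still
    #                                 waiting for an authentication verdict
    #   asid_ldap / asid_radius     - auth session ids of the current request

    when CLIENT_ACCEPTED {
        set ldap_authed 0
        set radius_authed 0
        set auth_pending 0
    }

    when HTTP_REQUEST {
        # These variables live for the whole TCP connection. Without a reset
        # here, flags left at 1 by an earlier request on a keep-alive
        # connection would let a later request through as soon as only ONE
        # of the two sources succeeded.
        set ldap_authed 0
        set radius_authed 0
        set auth_pending 0

        set username [HTTP::username]
        set password [HTTP::password]

        # Refuse blank credentials before contacting either backend. Some
        # directory servers treat a bind with an empty password as an
        # anonymous bind and report success, so blank input must not be
        # forwarded as if it were a real login attempt.
        if {$username eq "" || $password eq ""} {
            HTTP::respond 401
            return
        }

        # Fresh session ids per request: a late event that belongs to a
        # previous request carries an id that no longer matches and is
        # ignored by the handlers below.
        # NOTE(review): these sessions are never torn down explicitly;
        # confirm how the platform reclaims them on long-lived connections.
        set asid_ldap [AUTH::start pam default_ldap]
        set asid_radius [AUTH::start pam default_radius]

        # Mark the request as undecided before any result event can arrive.
        set auth_pending 1

        AUTH::username_credential $asid_ldap $username
        AUTH::password_credential $asid_ldap $password
        AUTH::authenticate $asid_ldap

        AUTH::username_credential $asid_radius $username
        AUTH::password_credential $asid_radius $password
        AUTH::authenticate $asid_radius

        # Hold the request until both verdicts are in.
        HTTP::collect
    }

    when AUTH_SUCCESS {
        # Nothing to do if the request was already released or rejected.
        if {!$auth_pending} {
            return
        }
        if {$asid_ldap eq [AUTH::last_event_session_id]} {
            set ldap_authed 1
        }
        if {$asid_radius eq [AUTH::last_event_session_id]} {
            set radius_authed 1
        }
        # Fail closed: release only when both sources agreed.
        if {$radius_authed == 1 && $ldap_authed == 1} {
            set auth_pending 0
            HTTP::release
        }
    }

    # The three handlers below share one policy: the first negative event for
    # the current request sends the 401 and clears auth_pending, so a second
    # negative event (both sources rejecting) cannot trigger a second
    # HTTP::respond for the same request.

    when AUTH_FAILURE {
        if {$auth_pending &&
            ($asid_ldap eq [AUTH::last_event_session_id] ||
             $asid_radius eq [AUTH::last_event_session_id])} {
            set auth_pending 0
            HTTP::respond 401
        }
    }

    when AUTH_WANTCREDENTIAL {
        if {$auth_pending &&
            ($asid_ldap eq [AUTH::last_event_session_id] ||
             $asid_radius eq [AUTH::last_event_session_id])} {
            set auth_pending 0
            HTTP::respond 401
        }
    }

    when AUTH_ERROR {
        if {$auth_pending &&
            ($asid_ldap eq [AUTH::last_event_session_id] ||
             $asid_radius eq [AUTH::last_event_session_id])} {
            set auth_pending 0
            HTTP::respond 401
        }
    }
}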