Affects Version/s: None
Fix Version/s: v2.6.0
Use case 1: we have users with password1 and some with password2 credentials. We want to present a single authentication option on UI for them, using the appropriate credential (as determined at authN time).
Use case 2: we have users with password credential (local) and users with password in LDAP. We want to present a single authentication option for them, using the appropriate credential (as determined at authN time).
To achieve this a new password verificator can be introduced: composite-password. This verificator will be compatible with all password retrievals as all other existing currently. It should be configured with a list of local passwords and list of remote verificators (configured). The behaviour should be as follows:
- check if authenticated user is a local user and has any of the local credentials set. If yes authenticate with this credential (selecting the first one available from the list).
- otherwise try authenticating one by one with remove verificators.
Note for testing: currently for remote password verificators we can have LDAP and PAM