Allow defining authentication methods available for a user with the help of a password policy.

Right now an authentication method associated with a specific user can only be defined either globally for all users or globally and per-user. In addition, some authentication methods do not allow global application of a particular method's properties even though the method itself can be applied globally.

For example, RADIUS authentication method can be defined globally but cannot be applied without RADIUS proxy link defined in the individual user entry. When there are thousands and hundreds thousands users, linking individual user entries to the RADIUS proxy link becomes error-prone and time-consuming.

Kerberos ticket policies already define per-authentication indicator attributes. This method can be extended to apply RADIUS link or other per-authentication method settings to password policies. As password policies can be applied to a group, this would allow applying RADIUS or other authentication method properties to all members of a group.