You might try this. You can specify the name of the authenticator to use IN the password box:
- set the default Passport authenticator to be your AD one and also select Password as a Passport authenticator
- hit the rule so you get the login/password box. Type your login name in one box (a username ON the firewall itself), and in the password box type 'Password:yourpassword' (yourpassword is the password of the firewall user you typed in the previous box).
See if that allows you to use the Password authenticator to generate your Passport when the AD authenticator is the default one.
I will give this a try when I get to the office tomorrow morning (UK-time).
Yes - that's done the trick.
For the benefit of others: I have created an Active Directory authenticator, calling it "AD".
I have assigned this authenticator to the Passport service, but have left "Password" as my default.
I can log in using a standard Firewall user account and password.
I can now also log in using my active directory username and entering "AD:<password>". It would seem that the password prefix isn't case sensitive as I have entered "ad:<password>" and that worked also.