my first freeradius module

Herbert Fischer herbert.fischer at gmail.com
Mon Mar 14 14:56:14 CET 2011


Hi Brian,

Yes, I've looked into rlm_otp already, however the token I'm going to use
does not work with OTPd's algorithms.

Anyway, thanks for the splitting code. I've tried to do this before without
success. I'll try your sample code.

Your answer was very helpful. Thanks!

On Sun, Mar 13, 2011 at 04:38, Brian Candler <B.Candler at pobox.com> wrote:

> On Fri, Mar 11, 2011 at 06:13:45PM -0300, Herbert Fischer wrote:
> >    This module will do OTP two way authentication. It will extract part of
> >    the password (ex.: latest 6 digits) to verify and the remaining
> >    "password" will be returned to Freeradius to test against another
> >    module (LDAP for example).
> ...
> >    What do you suggest? Is there any other way to do this two way
> >    authentication without needing to develop a module for it?
>
> Have you looked in the src/modules directory? And you've seen that there's
> src/modules/rlm_otp already?  If that does the OTP part in the way you need,
> then splitting the password into two is easy.
>
>    if (User-Password =~ /^(......)(.*)$/) {
>        update request {
>            # The OTP password for rlm_otp to check
>            User-Password = "%{1}"
>            # The remainder to check against mysql or ldap
>            Tmp-String-0 = "%{2}"
>        }
>    }
>    ... continue
>
> See "man unlang" for the details. This won't work for
> CHAP-Challenge/CHAP-Password, obviously - only PAP.
>
> (rlm_otp appears to be undocumented, so if you want to update
> http://wiki.freeradius.org/Rlm_otp as you work with it, that would be a
> useful contribution)
>
> Otherwise, to make a completely custom module which links against an
> existing C library, you can start with rlm_example and borrow logic from
> other modules as required.  But you're right, it's tricky to do properly.
>
> If that were necessary, I'd say you'd be better off using rlm_perl or
> rlm_python and writing the logic there.
>
> Regards,
>
> Brian.
>
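
Added example, not part of the original thread: the split logic in Python, as a starting point for the rlm_python route mentioned above. It takes the last six digits as the OTP, as the original question describes (the quoted regex captures the first six characters instead). The function names and the dict-shaped request are assumptions for illustration, not FreeRADIUS APIs.

```python
import re

OTP_DIGITS = 6  # from the thread: the last 6 digits are the token code

# fullmatch + greedy ".+" makes the final six ASCII digits the OTP.
# ".+" (not ".*") demands a non-empty static part: an empty password handed
# to an LDAP simple bind can be treated as an unauthenticated bind and succeed.
# DOTALL keeps a newline inside the static password from breaking the match.
_SPLIT = re.compile(r"(.+)([0-9]{%d})" % OTP_DIGITS, re.DOTALL)


def split_password(user_password):
    """Return (static_password, otp), or None if the value cannot be split."""
    if not isinstance(user_password, str):
        return None
    m = _SPLIT.fullmatch(user_password)
    if m is None:
        return None
    return m.group(1), m.group(2)


def split_request(attrs):
    """Split a PAP request held in a dict (hypothetical shape).

    Returns (verdict, updates). The updates mirror the unlang snippet:
    User-Password carries the OTP, Tmp-String-0 carries the remainder.
    """
    # CHAP never exposes the cleartext password, so there is nothing to split.
    if "CHAP-Password" in attrs or "User-Password" not in attrs:
        return "reject", {}
    parts = split_password(attrs["User-Password"])
    if parts is None:
        return "reject", {}
    static, otp = parts
    return "ok", {"User-Password": otp, "Tmp-String-0": static}


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(split_request({"User-Name": "alice", "User-Password": "hunter2123456"}))
    print(split_request({"User-Name": "alice", "User-Password": "123456"}))
    print(split_request({"User-Name": "alice", "CHAP-Password": "0x00"}))
```

Rejecting requests that carry only the six digits keeps the second-stage check (LDAP, SQL) from ever being called with an empty password.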