<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Yes, I can do that for static modifications, but in my case I have to
split the password and extract N bytes from it, which is a One-time
password for 2 factor authentication. I have to receive AUTH_ACK from
main radius server using the original password and then process the
second authentication stage with a 2 factor authentication manager
using that N bytes long OTP. (Connecting to 2FA server, sending OTP and
receiving result) This is why I need to do it in a module.<br>
Now, any ideas on which of the user-password vp's I have to change ?<br>
<br>
I know reusing Proxy-State is ugly. So, If I define my own attributes,
is it necessary
for main RADIUS server (which we proxy to) to have modified dictionary
files ? or it will simply ignore those unknown attributes ?<br>
<br>
Thanks,<br>
<br>
<br>
Stefan Winter wrote:
<blockquote cite="mid:200804091602.52287.stefan.winter@restena.lu"
type="cite">
<pre wrap="">Hi,
</pre>
<blockquote type="cite">
<pre wrap="">I've been working on a freeradius module which will operate in pre-proxy
and post-proxy mode. I need to modify the user-password
(PW_USER_PASSWORD) attribute in pre-proxy and return an RLM_MODULE_UPDATED.
</pre>
</blockquote>
<pre wrap=""><!---->
Hm, why doesn't updating this stuff with
update request {
User-Name := whatever
User-Password := wh4t3v3r
}
in the pre-proxy section work? No need for a module then... And if I may ask,
why would you need to modify name and password for proxying? If it's just
about cutting out realms, there is an excellent realm module to do that for
you.
</pre>
<blockquote type="cite">
<pre wrap="">And last question, Is it safe to modify the Proxy-State attribute in
pre-proxy stage? somewhere in event.c, the comments says that, RFC
requires it (Proxy-State) but freeradius doesn't need it, and just
fills it with packet->id (which is a random number). Since RFC forbids
adding more than one Proxy-State too the packet, and also having in mind
that I don't want to introduce a new attribute (bothering dictionary
files), Can I use the same Proxy-State (filed by freeradius with
packet->id) to store my own data in it ?
</pre>
</blockquote>
<pre wrap=""><!---->
Again, why on earth would you want to do that? If you want to send information
in a packet, there's no need to abuse Proxy-State... define your own
attribute.
Stefan Winter
</pre>
<pre wrap="">
<hr size="4" width="90%">
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/devel.html">http://www.freeradius.org/list/devel.html</a></pre>
</blockquote>
</body>
</html>