Splitting the password field in freeRADIUS
Drumm, Daniel
dgdrumm at bf.umich.edu
Tue Jan 23 22:04:37 CET 2007
As some of you may know, RSA SecurID servers now support RADIUS. The
Auth Manager comes with the Funk RADIUS sever embedded into it, and
supports a number of auth types, including EAP-OTP as well as the usual
types such as CHAP.
Is it possible to front end this type of server with FreeRADIUS, so that
NAS-Clients can send a tokencode prepended to, say, a Kerberos password
- and have the FreeRADIUS server forward the first 6 digits of the field
to the RSA server for tokencode validation - and the remaining charcters
to another RADIUS server, one that front-ends a Kerberos system? Only
when both fields return true is the authentication true.
Is this possible? I was looking at the various scripting options in
radius.conf, and don't know of anyone who has done this. Or if it can be
done.
Thank you.
Dan.
#
# Pre-accounting. Decide which accounting type to use.
#
preacct {
preprocess
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
acct_unique
#
# Look for IPASS-style 'realm/', and if not found, look for
# '@realm', and decide whether or not to proxy, based on
# that.
#
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
suffix
# ntdomain
#
# Read the 'acct_users' file
files
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070123/a5036239/attachment.html>
More information about the Freeradius-Users
mailing list