specifying back end to proxy on per-user basis
Alan DeKok
aland at deployingradius.com
Fri Aug 22 20:25:20 CEST 2008
Greg Woods wrote:
> We have a freeradius instance that talks to the world, and proxies
> requests to a back end server that does token authentication via the
> "otp" module. This all works fine. What we need is something we can do
> when a user forgets or loses their card. We thought to use S/key for
> this. To that end, I have another back end server that does s/key
> authentication via a PAM module. This too works, but I have to find a
> way to specify in the front end proxy on a per-user basis which back end
> server should be used.
Use groups, or *something* else.
What's in the request packet that make S/key different from the other
authentication modules? How can you distinguish between the two kinds
of requests? Where is that information stored?
Alan DeKok.
More information about the Freeradius-Users
mailing list