RADIUS challenge response using the PAM module

Robert Svensson Robert.Svensson at mideye.com
Wed Mar 18 23:13:48 CET 2009


I'm fully aware of the fact that the radius server generates the challenge.

The problem is that the access challenge sent by the radius server, to the pam module, is returned by the pam module without being displayed to the user.
What I expect is for the access challenge to be displayed to the user: Enter your OTP (or something). After the user has responded to the access challenge, the response should be sent back to the radius server for authentication.

As of now, the PAM module responds to the access challenge by itself without asking for additional user input. Therefore, the reply message doesn't contain the correct value.
________________________________________
From: freeradius-users-bounces+robert.svensson=mideye.com at lists.freeradius.org [freeradius-users-bounces+robert.svensson=mideye.com at lists.freeradius.org] On Behalf Of Alan DeKok [aland at deployingradius.com]
Sent: Wednesday, March 18, 2009 9:47 PM
To: FreeRadius users mailing list
Subject: Re: RADIUS challenge response using the PAM module

Robert Svensson wrote:
> something else than what the radius server expected. Like an invalid OTP for example

  Uh... the RADIUS server is the one generating the challenge.  Not the
PAM module.

  Perhaps you could give explanations of what you expect, and what you see.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list