How to handle challenge response using PAM auth in FreeRadius

Rajendra Hegde Rajendra.hegde at
Mon Mar 15 19:32:00 CET 2010

pam_conv is good for holding interactive conversation locally for applications
such as login, su etc.
When used  with radius server pam_conv failed to do prompt at remote_client.
Please note that we are not interested in local convesation where PAM is located.
The remote client I have used is one of the test applications from the radius suite.
Let me aks you further.
note: A and B are machines.
{client @ A} --->   {radius at B}  -->  {PAM @ B}
Now when I tested as said above, a call to pam_conv  in PAM module at machine B
did nothing.  Are you sure it does prompt with a message at client @ A ?
I look forward to your reply.


From: John Dennis [mailto:jdennis at]
Sent: Mon 3/15/2010 1:51 PM
To: Rajendra Hegde
Cc: FreeRadius users mailing list
Subject: Re: How to handle challenge response using PAM auth in FreeRadius

On 03/15/2010 01:12 PM, Rajendra Hegde wrote:
> Hello,
> The scenario is like this :
> {remote client } -----> {radius} ---> {PAM} ----> {Extern Athenticator}
> Now when the external authenticator sends challenge to PAM, I do not see
> a easy way to pass the "challenge text" back to the radius.
> Please note that pam_sm_authenticate allows either SUCCESS or FAILURE return
> but not "Challnege text" return.

I gave you the answer, it's done with pam_conv, you should read the code
in rlm_pam.c.

John Dennis <jdennis at>

Looking to carve out IT costs?

The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Statements and opinions expressed in this e-mail may not represent those of the company. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender immediately and delete the material from any computer.  Please see our legal details at
CRYPTOCard Inc. is registered in the province of Ontario, Canada with Business number 80531 6478.  CRYPTOCard Europe is limited liability company registered in England and Wales (with registered number 05728808 and VAT number 869 3979 41); its registered office is Aztec Centre, Aztec West, Almondsbury, Bristol, UK, BS32 4TD

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list