pre-check OTP token

Alexander Clouter alex at digriz.org.uk
Mon Jul 4 12:16:36 CEST 2011


Cor Bosman <cor at xs4all.nl> wrote:
> 
> Would their be some way, in either the PAM stage, or in the FreeRadius 
> stage before Exec to pre-validate if ive got a token-reponse? They're 
> always 10 digit numbers.
>
unlang is your friend:

http://freeradius.org/radiusd/man/unlang.html

Something like the following should probably help you:
----
authorize {
	preprocess

	...

	if (User-Password !~ /^[0-9]{10}$/) {
		update reply {
			Reply-Message := "ZOMG, TEH WORLD IS ENDINGS!"
		}
		reject
	}

	otp-exec-thingy

	...
}
----

Cheers

-- 
Alexander Clouter
.sigmonster says: Good day for overcoming obstacles.  Try a steeplechase.




More information about the Freeradius-Users mailing list