Two-Factor Auth using FreeRADIUS

Alan DeKok aland at deployingradius.com
Sun Mar 18 00:25:40 CET 2012


Ryon Day wrote:
> request.setReplyPacket(reply );
> 
>  My thinking was that FreeRADIUS would take this at face value; After all, the difference between a Access-Challenge and another RADIUS packet is merely the ID. So from what you say above, may I infer that the only thing that FreeRADIUS takes from the reply are the different attributes assigned to it, and it handles the "type" of packet itself? 

  There's more to it than that.  jradius isn't part of FreeRADIUS, as
it's not written in C.  So there needs to be an API between the two.
And that API can only handle setting attributes.  It can't handle
setting packet types.

> Thank you again. So it seems that what I want to do doesn't really fit into any of the current authentication methods. I will continue digging, you have given me some seriously great education and help here; Thank you so much. I will follow up with my experiences!

  It doesn't.  Hand-rolled challenge-response mechanisms are rare.

  Alan DeKok.


More information about the Freeradius-Users mailing list