<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7650.28">
<TITLE>Two factor authentication using pam module</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Hi,<BR>
<BR>
I'm using the radius pam module to authenticate users connecting to an ftp server.<BR>
<BR>
The proprietary radius server that we are using expects, after a successful user name / password check, an access challenge in the form numbers displayed on a token.<BR>
<BR>
<BR>
<BR>
My problem is that I can't figure out how I should configure the pam module to handle the radius challenge.<BR>
<BR>
Is this this possible at all?<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
The debug out put:<BR>
<BR>
Aug 28 16:40:48 radiuspam vsftpd: pam_radius_auth: Got user name john<BR>
<BR>
Aug 28 16:40:48 radiuspam vsftpd: pam_radius_auth: Sending RADIUS request code 1<BR>
<BR>
Aug 28 16:40:49 radiuspam vsftpd: pam_radius_auth: DEBUG: getservbyname(radius, udp) returned -642636992.<BR>
<BR>
Aug 28 16:40:54 radiuspam vsftpd: pam_radius_auth: Got RADIUS response code 11<BR>
<BR>
Aug 28 16:40:54 radiuspam vsftpd: pam_radius_auth: Got response to challenge code 3<BR>
<BR>
Aug 28 16:40:54 radiuspam vsftpd: pam_radius_auth: authentication failed<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
As you can see, the pam module doesn't wait for user input to the challenge response (code 11). Instead, it sends an invalid challenge response that the radius server rejects.<BR>
<BR>
<BR>
<BR>
Any help is greatly appreciated<BR>
<BR>
Thanx<BR>
<BR>
Robert</FONT>
</P>
</BODY>
</HTML>