Does freeradius-client-1.1.6 library supports challenge-response mode of authentication?
Hi all radius developers, We are using freeradius-client library version 1.1.6 for authenticating users against a Radius server. Our radius server uses the challenge-response mechanism of radius protocol. (It a steel belted radius server which acts as a front end for RSA ace manager). However, we are unable to use this client library for our needs. The reason is that the library does not seem to support challenge-response mode of authentication. From what I have understood by looking at the library source is that it can only give a yes/no answer to an authentication request. Specifically, the library provides a single method for radius authentication called rc_auth. However, this function seems to return only binary result (OK_RC or BADRESP_RC). There is no return code for an access-challenge message from the server. The client understand only access-accept or access-reject codes. So I am coming to the conclusion that the freeradius-client-1.1.6 is not a fully conforming radius client library. The library in its current form and at the current version doesn not support challenge-response type of authentications. Please corrent me if I am wrong. May be I am missing something here. But we need a definite answer to be able to decide if this library is sufficient for our needs or not. Best, Great Khan
Gautam Tripathi wrote:
However, we are unable to use this client library for our needs. The reason is that the library does not seem to support challenge-response mode of authentication. From what I have understood by looking at the library source is that it can only give a yes/no answer to an authentication request. Specifically, the library provides a single method for radius authentication called rc_auth. However, this function seems to return only binary result (OK_RC or BADRESP_RC).
That is one of the limitations of the code.
There is no return code for an access-challenge message from the server. The client understand only access-accept or access-reject codes.
So I am coming to the conclusion that the freeradius-client-1.1.6 is not a fully conforming radius client library. The library in its current form and at the current version doesn not support challenge-response type of authentications. Please corrent me if I am wrong. May be I am missing something here. But we need a definite answer to be able to decide if this library is sufficient for our needs or not.
It shouldn't be too hard to modify the code. Alan DeKok.
participants (2)
-
Alan DeKok -
Gautam Tripathi