McCann, Brian wrote:
Hi all. I hate to be a pest…but I cannot find anything really on what I’m trying to do.
You're trying to have another program authenticate the user. This means setting up that program as being responsible for the authentication.
I’m trying to use a Python program as an “external authenticator”, so I can check various things with the username and password in my already existing authentication schemes. I thought this would be easy…I was wrong. Through some trial and error, I’ve determined that the Python app needs to return “Cleartext-Password” with “some value”…that value is unclear to me since I’ve returned anything and it takes it.
No. If it's returning a Cleartext-Password, then you are *not* using the program as the authenticator.
My question to everyone is this: Is there an example program, in Python or perl, that is complete and works somewhere? Everything I’ve seen just says things like “your code here”, and never specifies what the returns need to be formatted like and/or include for EAP. I had been assuming that I just simply had to return a simple “OK” or “FAIL”, but that’s clearly not right.
It's right *if* you're running the Python module in the "authenticate" section. This usually means forcing Auth-Type, which is one of the few times where doing that is useful. My $0.02, however, is to say that this is a bad idea. You're nearly always better off letting the authentication server do the authentication. Alan DeKok.