I have a problem scenario where I need to be able to handle the authentication of users myself.  I am looking into using either rlm_perl or (preferably) rlm_jradius to be able to write my own piece to do authentication.  I believe this is possible with either module (please correct me if I’m wrong on that, it would stop me in my tracks).  What I need to know is if when writing my own authenticator there is a terribly complicated process of requests and responses that I have to honor in order to make the supplicant happy, or if I can trivially accept or reject based on the parameters of my business problem.  As a test case, I wrote a Java class for rlm_jradius that just replaced reject packets with accept packets, to see if it would work.  I found that if I hooked into it at the ‘post_auth’ stage it didn’t matter what my reply was, freeRadius remembered that auth had failed and stripped all the attributes from the response packet.

 

That was long winded, here is a summary of my questions.  Can I write my own piece to do authentication?  Where in the freeRadius process do I list that listener?  Is there a series of requests and responses that I have to honor?

 

-Travis