Hello,
can you not configure RADIUS server to do PAP + Challenge so that it asks for username/password followed by one or more Access-Challenge? If yes, how would you configure freeradius server to throw Access-Challenge to radius client?
yes, you can. The easiest way is to grab: http://thomas.glanzmann.de/smsotpd.2012-08-16.tar.bz2 and follow the README in rlm_perl. Please also note that the test client that comes with radius does not support access challenges, maybe I'll write a patch for it but not right now. That is why I wrote my own test client in perl which is also included. Tell me if you need help, maybe I'll update the video on my website to include the rlm_perl implementation which is my favourite because it doesn't require a seperate daemon and works with most distros out of the box. Cheers, Thomas