Travis Dimmig wrote:
I have a problem scenario where I need to be able to handle the authentication of users myself. I am looking into using either rlm_perl or (preferably) rlm_jradius to be able to write my own piece to do authentication.
Or just an external program.
I believe this is possible with either module (please correct me if I’m wrong on that, it would stop me in my tracks). What I need to know is if when writing my own authenticator there is a terribly complicated process of requests and responses that I have to honor in order to make the supplicant happy,
No. Just use your program in the "inner-tunnel" virtual server. FreeRADIUS takes care of all of the EAP requests and responses.
As a test case, I wrote a Java class for rlm_jradius that just replaced reject packets with accept packets, to see if it would work.
It won't work. A reject is a reject.
That was long winded, here is a summary of my questions. Can I write my own piece to do authentication?
You can write your own code to check names && passwords, yes.
Where in the freeRadius process do I list that listener?
In the "authenticate" section. See the examples on deployingradius.com related to Active Directory. There's an example of using the "exec" module. Follow that for your program.
Is there a series of requests and responses that I have to honor?
No. Alan DeKok.