Greg Woods wrote:
We have a freeradius instance that talks to the world, and proxies requests to a back end server that does token authentication via the "otp" module. This all works fine. What we need is something we can do when a user forgets or loses their card. We thought to use S/key for this. To that end, I have another back end server that does s/key authentication via a PAM module. This too works, but I have to find a way to specify in the front end proxy on a per-user basis which back end server should be used.
Use groups, or *something* else. What's in the request packet that make S/key different from the other authentication modules? How can you distinguish between the two kinds of requests? Where is that information stored? Alan DeKok.