Hello, from first time poster. Is there anyone on the list who has an actual working example of two factor authentication coded in perl using rlm_perl they would be willing to share? There are a number of incomplete examples, and a some hints as to errors in them, and I've taken all this on board and as a result can pass the challenge response back to the NAS. What I'm having difficulty with is keeping state, so I can determine if an Authorize request is the first hit (real password) or the second (the second factor). Thanks. Davey Jones.
Sorry for the OT reply, but aren't you one of "The Monkeys"? Or are you that Pirate dude? I know - lame, but I'm running on little sleep and it seems kinda funny in my head. Sorry I can't help with the question! -----Original Message----- From: freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell.com@lists.freeradius.or g] On Behalf Of David Jones Sent: Monday, October 05, 2009 7:38 PM To: freeradius-users@lists.freeradius.org Subject: Hello, from first time poster. Is there anyone on the list who has an actual working example of two factor authentication coded in perl using rlm_perl they would be willing to share? There are a number of incomplete examples, and a some hints as to errors in them, and I've taken all this on board and as a result can pass the challenge response back to the NAS. What I'm having difficulty with is keeping state, so I can determine if an Authorize request is the first hit (real password) or the second (the second factor). Thanks. Davey Jones. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font>
David Jones wrote:
Is there anyone on the list who has an actual working example of two factor authentication coded in perl using rlm_perl they would be willing to share?
Most people use pre-existing authentication methods. So there isn't much in the way of example code.
There are a number of incomplete examples, and a some hints as to errors in them, and I've taken all this on board and as a result can pass the challenge response back to the NAS. What I'm having difficulty with is keeping state, so I can determine if an Authorize request is the first hit (real password) or the second (the second factor).
That's what the State attribute is for. See src/modules/rlm_example. An Access-Request without a State is the first one. Then, you reply with a State in the challenge. The next Access-Request for the same user comes in with the State. Storing the State is up to you. The rest of the server stores it in memory. It should be pretty trivial for you to use the Perl modules to store it in a file, DB, etc. Alan DeKok.
participants (3)
-
Alan DeKok -
David Jones -
Gary Gatten