developping a custom authentication module

[MACHANI Ouahiba]

Thanks very much Alan,

But I steel can't see clearly.


"2 - What should I write exactly other than an rlm_ file ?
3- For a good beginning, what are the files that I should read first ?

  The files in doc/ ?  There *is* documentation on the modules & the API."

- To witch API do you refer?


I try to resume my needs.

1- The user will enter his username and "password||OTP" (password concatenated to OTP in the password prompt) (possible with PAP but other methods like CHAP ?? what do you thinkn?)

2- The module that I should write must first authenticate the username and password within a MS Active Directory and then validate the OTP. 

3- The user have access accept only if he is authenticated and the OTP is validated.


Question:

1- since user should be authenticated within Active Directory, I thought about using the ntlm and kerb5 libraries. Doesn't this require using PAM configuration?
2- is there any better solution for this?


thanks





-----Message d'origine-----
De : freeradius-devel-bounces+o.machani=oberthurcs.com at lists.freeradius.org [mailto:freeradius-devel-bounces+o.machani=oberthurcs.com at lists.freeradius.org] De la part de Alan DeKok
Envoyé : lundi 18 juin 2007 13:47
À : FreeRadius developers mailing list
Objet : Re: developping a custom authentication module

MACHANI Ouahiba wrote:
> I need to develop a custom authentication module to handle OTP
> authentication and integrate it to Freeradius server.
> 
> My questions are :
> 
> 1- are files with rlm_ prefix PAM modules or simply authentication modules?

  FreeRADIUS is not PAM.

> 2 - What should I write exactly other than an rlm_ file ?
> 3- For a good beginning, what are the files that I should read first ?

  The files in doc/ ?  There *is* documentation on the modules & the API.

  See also rlm_example

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html