Does freeradius-client-1.1.6 library supports challenge-response mode of authentication?

Gautam Tripathi khaghan at gmail.com
Wed Jan 7 22:06:58 CET 2009


Hi all radius developers,

We are using freeradius-client library version 1.1.6 for authenticating
users against a Radius server. Our radius server uses the challenge-response
mechanism of radius protocol. (It a steel belted radius server which acts
as  a front end for RSA ace manager).

However, we are unable to use this client library for our needs. The reason
is that the library does not seem to support challenge-response mode of
authentication. From what I have understood by looking at the library source
is that it can only give a yes/no answer to an authentication request.
Specifically, the library provides a single method for radius authentication
called rc_auth. However, this function seems to return only binary result
(OK_RC or BADRESP_RC).

There is no return code for an access-challenge message from the server. The
client understand only access-accept or access-reject codes.

So I am coming to the conclusion that the freeradius-client-1.1.6 is not a
fully conforming radius client library. The library in its current form and
at the current version doesn not support challenge-response type of
authentications. Please corrent me if I am wrong.  May be I am missing
something here. But we need a definite answer to be able to decide if this
library is sufficient for our needs or not.

Best,
Great Khan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20090107/3643e1c6/attachment.html>


More information about the Freeradius-Devel mailing list