Does freeradius-client-1.1.6 library supports challenge-response mode of authentication?
khaghan at gmail.com
Wed Jan 7 22:06:58 CET 2009
Hi all radius developers,
We are using freeradius-client library version 1.1.6 for authenticating
users against a Radius server. Our radius server uses the challenge-response
mechanism of radius protocol. (It a steel belted radius server which acts
as a front end for RSA ace manager).
However, we are unable to use this client library for our needs. The reason
is that the library does not seem to support challenge-response mode of
authentication. From what I have understood by looking at the library source
is that it can only give a yes/no answer to an authentication request.
Specifically, the library provides a single method for radius authentication
called rc_auth. However, this function seems to return only binary result
(OK_RC or BADRESP_RC).
There is no return code for an access-challenge message from the server. The
client understand only access-accept or access-reject codes.
So I am coming to the conclusion that the freeradius-client-1.1.6 is not a
fully conforming radius client library. The library in its current form and
at the current version doesn not support challenge-response type of
authentications. Please corrent me if I am wrong. May be I am missing
something here. But we need a definite answer to be able to decide if this
library is sufficient for our needs or not.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Devel