Does freeradius-client-1.1.6 library supports challenge-response mode of authentication?

Alan DeKok aland at
Thu Jan 8 12:31:05 CET 2009

Gautam Tripathi wrote:
> However, we are unable to use this client library for our needs. The
> reason is that the library does not seem to support challenge-response
> mode of authentication. From what I have understood by looking at the
> library source is that it can only give a yes/no answer to an
> authentication request. Specifically, the library provides a single
> method for radius authentication called rc_auth. However, this function
> seems to return only binary result (OK_RC or BADRESP_RC).

  That is one of the limitations of the code.

> There is no return code for an access-challenge message from the server.
> The client understand only access-accept or access-reject codes.
> So I am coming to the conclusion that the freeradius-client-1.1.6 is not
> a fully conforming radius client library. The library in its current
> form and at the current version doesn not support challenge-response
> type of authentications. Please corrent me if I am wrong.  May be I am
> missing something here. But we need a definite answer to be able to
> decide if this library is sufficient for our needs or not.

  It shouldn't be too hard to modify the code.

  Alan DeKok.

More information about the Freeradius-Devel mailing list