aland at deployingradius.com
Mon Nov 27 14:22:08 CET 2017
On Nov 27, 2017, at 5:01 AM, Jonathan Anthony <jonathan.anthony at siliconsafe.com> wrote:
> Thank you Alan for your help.
> I am still a little confused. What we are doing is that we have a secure box for storing, initially usernames and passwords using our own built hardware/software.
> 1. We want to write a "plug-in" which I assume will be a module, so that when authenticating a user, it will send a command to our box. The box returns simply yes or no depending if the password matches. I thought rlm_pap authenticates using the flat users file. So we assumed that if we modified pap, this would work. Sorry if this is stupid question but I have just started with Radius
The documentation for each module *does* say exactly what the module does and how it works...
> 2. Say our authentication is called SNAP. How does the radius server select our module to authenticate. I did notice a "hints" file but not sure how this will work.
Don't write your own module. Use an existing one. Maybe rlm_rest, as Matthew suggested.
If you need custom code, write it in Perl or Python. That solves a few problems.
* if you're not familiar with the FreeRADIUS internals... you shouldn't write a module. It's not trivial to do it correctly.
* if you distribute FreeRADIUS with your custom module, the module *must* fall under the GPL. So people can ask for source for your module. If you don't give it to them you lose all rights under the GPL and can no longer distribute FreeRADIUS
* writing custom code in Perl or Python means you work with attributes (i.e. things you see), not the internal API. This is much, much, easier. Plus, it bypasses GPL issues.
More information about the Freeradius-Devel