FreeRADIUS / pam_radius
Alan DeKok
aland at deployingradius.com
Wed Feb 16 14:35:20 UTC 2022
On Feb 16, 2022, at 8:43 AM, Senouci Briksi, Djelloul <djelloul.briksi at wabtec.com> wrote:
> We are using pam_radius to authenticate a witty http-browser (client) to a freeradius server.
>
> Our freeradius server is configured to send a dedicated/special Reply-Message when responding to an authenticate-request.
OK. Where do you think that Reply-Message will go?
> I have seen in pam_radius_auth.c<https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c> that Reply-Messages are only read as long as (response->code == PW_ACCESS_CHALLENGE).
> Reply-Messages are currently not read if (response->code == PW_AUTHENTICATION_ACK).
> Is there a reason why Reply-Messages are not read in this case?
A better question is: What do you think the module should do with the Reply-Message?
The module works as documented, and uses Reply-Message to do challenge / response prompting.
If you want to do something else with Reply-Message, explain what you want to do. And why.
Alan DeKok.
More information about the Freeradius-Devel
mailing list