FreeRADIUS / pam_radius

Alan DeKok aland at deployingradius.com
Wed Feb 16 14:35:20 UTC 2022


On Feb 16, 2022, at 8:43 AM, Senouci Briksi, Djelloul <djelloul.briksi at wabtec.com> wrote:
> We are using pam_radius to authenticate a witty http-browser (client) to a freeradius server.
> 
> Our freeradius server is configured to send a dedicated/special Reply-Message when responding to an authenticate-request.

  OK.  Where do you think that Reply-Message will go?

> I have seen in pam_radius_auth.c<https://github.com/FreeRADIUS/pam_radius/blob/master/src/pam_radius_auth.c> that Reply-Messages are only read as long as (response->code == PW_ACCESS_CHALLENGE).
> Reply-Messages are currently not read if (response->code == PW_AUTHENTICATION_ACK).
> Is there a reason why Reply-Messages are not read in this case?

  A better question is: What do you think the module should do with the Reply-Message?

  The module works as documented, and uses Reply-Message to do challenge / response prompting.

  If you want to do something else with Reply-Message, explain what you want to do.  And why.

  Alan DeKok.



More information about the Freeradius-Devel mailing list