JRadius module for post-auth

Yizhi Lao laoyizhi at yahoo.com
Mon Apr 3 18:37:44 CEST 2006


   This is related to my previous mail on setting up
Freeradius for 2 factor authentication with
chanllenge-response.  I looked at what JRadius module
can do and am going to attempt the following approach

1. insert a JRadius module into the "post-auth"
section, such that the module will process an
"Access-Accept" packet into an "Access-Chanllange"

Question: is this allowed by FreeRadius? i.e. would
FreeRadius allow an module in "post-auth" to change
the packet type(Code)?

2. insert a JRadius module into either the "authorize"
or "authenticate" section, such that it will recognize
an access-request packet which answers the chanllenge,
and process it using its own logic

Question: Would freeradius allow a module called in
"authorize" part to directly accept or reject a
request, without making it go through to the
"authenticate" section?

Thank you and best regards

--- Alan DeKok <aland at ox.org> wrote:

> Yizhi Lao <laoyizhi at yahoo.com> wrote:
> > What I am worried about is not the second
> authentication method, but
> > to chain two authentication together. is there any
> convenient way to
> > do it?
>   As I said, you have to write you own module to do
> this.
>   The "example" module that is included with the
> server shows how to
> chain two authentications together.  Take a look at
> it.
>   Alan DeKok.
> - 
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 

More information about the Freeradius-Users mailing list