Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2

Markus Gaugusch markus at
Fri Feb 13 19:40:00 CET 2009

On Feb 13, Fabiano <fabiano at> wrote:

> Hello,
> Does anyone know where I can find some information on how to use the 
> following in freeradius ?
> I have an external shell script which awaits arguments (username, clear 
> password, and other arguments) and returns an answer for validation.
> The problem is that I cannot find any lead on how to do this while using 
> MSCHAPv2...
> And I am not sure how to do this with Exec-Program-Wait.

Hi Fabiano!
I'm using mobile otp, but I use pam and not the shell script. (In fact, 
the shell script has some security issues which I found out a few days 
ago. Especially, it does not do the "one time" check correctly, because a 
token code can be reused until it expires!.

To enable pam, I just wrote "pam" into the authenticate section, that's 
it. (and of course have a proper /etc/pam.d/radiusd file)


More information about the Freeradius-Users mailing list