RADIUS challenge response using the PAM module
Alan DeKok
aland at deployingradius.com
Thu Mar 19 07:29:49 CET 2009
Robert Svensson wrote:
> The problem is that the access challenge sent by the radius server, to the pam module, is returned by the pam module without being displayed to the user.
That sentence doesn't make any sense.
> What I expect is for the access challenge to be displayed to the user: Enter your OTP (or something). After the user has responded to the access challenge, the response should be sent back to the radius server for authentication.
Yes, that should happen.
> As of now, the PAM module responds to the access challenge by itself without asking for additional user input. Therefore, the reply message doesn't contain the correct value.
Ah... *that* is the explanation I was looking for. Saying things like
"the access challenge is returned by the pam module" is *very* confusing.
All I know is that I last tested the module with Access-Challenge a
long time ago... and it worked then.
I would suggest updating the module source to print out what it's
doing, and why. That will help you understand the decisions it's making.
Alan DeKok.
More information about the Freeradius-Users
mailing list