non-standard authentication
Alan DeKok
aland at deployingradius.com
Thu Feb 24 07:32:27 CET 2011
Travis Dimmig wrote:
> I have a problem scenario where I need to be able to handle the
> authentication of users myself. I am looking into using either rlm_perl
> or (preferably) rlm_jradius to be able to write my own piece to do
> authentication.
Or just an external program.
> I believe this is possible with either module (please
> correct me if I’m wrong on that, it would stop me in my tracks). What I
> need to know is if when writing my own authenticator there is a terribly
> complicated process of requests and responses that I have to honor in
> order to make the supplicant happy,
No. Just use your program in the "inner-tunnel" virtual server.
FreeRADIUS takes care of all of the EAP requests and responses.
> As a test case,
> I wrote a Java class for rlm_jradius that just replaced reject packets
> with accept packets, to see if it would work.
It won't work. A reject is a reject.
> That was long winded, here is a summary of my questions. Can I write my
> own piece to do authentication?
You can write your own code to check names && passwords, yes.
> Where in the freeRadius process do I list that listener?
In the "authenticate" section. See the examples on
deployingradius.com related to Active Directory. There's an example of
using the "exec" module. Follow that for your program.
> Is there a series of requests and responses that I
> have to honor?
No.
Alan DeKok.
More information about the Freeradius-Users
mailing list