Sample code for external program w/ EAP?

Alan DeKok aland at
Fri Jan 28 17:44:08 CET 2011

McCann, Brian wrote:
> Hi all.  I hate to be a pest…but I cannot find anything really on what
> I’m trying to do.

  You're trying to have another program authenticate the user.  This
means setting up that program as being responsible for the authentication.

> I’m trying to use a Python program as an “external authenticator”, so I
> can check various things with the username and password in my already
> existing authentication schemes.  I thought this would be easy…I was
> wrong.  Through some trial and error, I’ve determined that the Python
> app needs to return “Cleartext-Password” with “some value”…that value is
> unclear to me since I’ve returned anything and it takes it.

  No.  If it's returning a Cleartext-Password, then you are *not* using
the program as the authenticator.

> My question to everyone is this: Is there an example program, in Python
> or perl, that is complete and works somewhere?  Everything I’ve seen
> just says things like “your code here”, and never specifies what the
> returns need to be formatted like and/or include for EAP.  I had been
> assuming that I just simply had to return a simple “OK” or “FAIL”, but
> that’s clearly not right.

  It's right *if* you're running the Python module in the "authenticate"
section.  This usually means forcing Auth-Type, which is one of the few
times where doing that is useful.

  My $0.02, however, is to say that this is a bad idea.  You're nearly
always better off letting the authentication server do the authentication.

  Alan DeKok.

More information about the Freeradius-Users mailing list