Sample code for external program w/ EAP?
Alan DeKok
aland at deployingradius.com
Fri Jan 28 17:44:08 CET 2011
McCann, Brian wrote:
> Hi all. I hate to be a pest…but I cannot find anything really on what
> I’m trying to do.

You're trying to have another program authenticate the user. This
means setting up that program as being responsible for the authentication.

> I’m trying to use a Python program as an “external authenticator”, so I
> can check various things with the username and password in my already
> existing authentication schemes. I thought this would be easy…I was
> wrong. Through some trial and error, I’ve determined that the Python
> app needs to return “Cleartext-Password” with “some value”…that value is
> unclear to me since I’ve returned anything and it takes it.

No. If it's returning a Cleartext-Password, then you are *not* using
the program as the authenticator.

> My question to everyone is this: Is there an example program, in Python
> or perl, that is complete and works somewhere? Everything I’ve seen
> just says things like “your code here”, and never specifies what the
> returns need to be formatted like and/or include for EAP. I had been
> assuming that I just simply had to return a simple “OK” or “FAIL”, but
> that’s clearly not right.

It's right *if* you're running the Python module in the "authenticate"
section. This usually means forcing Auth-Type, which is one of the few
times where doing that is useful.

My $0.02, however, is to say that this is a bad idea. You're nearly
always better off letting the authentication server do the authentication.

Alan DeKok.
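
The arrangement described in the reply above (Python module listed in "authenticate", Auth-Type forced from "authorize"), sketched as an added example; it is not code from this thread or from the FreeRADIUS project. Assumptions: the rlm_python instance is named "python" with a matching Auth-Type block in the authenticate section, the request carries a User-Password attribute (PAP, or PAP inside a tunnel), the (code, reply, config) return tuple follows the convention of rlm_python's example module, and check_credentials with its in-memory backend is a hypothetical stand-in for the existing scheme.

```python
import hashlib
import hmac

try:
    import radiusd  # provided by FreeRADIUS when loaded through rlm_python
    REJECT, OK = radiusd.RLM_MODULE_REJECT, radiusd.RLM_MODULE_OK
    NOOP, UPDATED = radiusd.RLM_MODULE_NOOP, radiusd.RLM_MODULE_UPDATED
except ImportError:
    # Stand-alone fallback with the same numeric values as rlm_python's radiusd.py
    REJECT, OK, NOOP, UPDATED = 0, 2, 7, 8


def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100000)


# Constructed sample data standing in for the existing authentication scheme.
_SALT = b"constructed-salt"
_BACKEND = {"bob": _kdf("correct horse", _SALT)}


def check_credentials(user, password):
    """Hypothetical backend check; replace with the real scheme."""
    expected = _BACKEND.get(user)
    candidate = _kdf(password, _SALT)
    # Derive and compare even for unknown users so timing does not
    # reveal which account names exist.
    same = hmac.compare_digest(candidate, expected or b"\0" * 32)
    return same and expected is not None


def authorize(p):
    attrs = dict(p)  # rlm_python passes the request as (name, value) pairs
    if "User-Password" not in attrs:
        return NOOP  # nothing this module can verify; leave it to others
    # Force Auth-Type so the server calls authenticate() below rather than
    # comparing against a Cleartext-Password. No Cleartext-Password is set.
    return UPDATED, (), (("Auth-Type", "python"),)


def authenticate(p):
    attrs = dict(p)
    user, password = attrs.get("User-Name"), attrs.get("User-Password")
    if user is None or password is None:
        return REJECT  # fail closed when either attribute is missing
    return OK if check_credentials(user, password) else REJECT
```
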