pre-check OTP token
Alexander Clouter
alex at digriz.org.uk
Mon Jul 4 12:16:36 CEST 2011
Cor Bosman <cor at xs4all.nl> wrote:
>
> Would their be some way, in either the PAM stage, or in the FreeRadius
> stage before Exec to pre-validate if ive got a token-reponse? They're
> always 10 digit numbers.
>
unlang is your friend:
http://freeradius.org/radiusd/man/unlang.html
Something like the following should probably help you:
----
authorize {
preprocess
...
if (User-Password !~ /^[0-9]{10}$/) {
update reply {
Reply-Message := "ZOMG, TEH WORLD IS ENDINGS!"
}
reject
}
otp-exec-thingy
...
}
----
Cheers
--
Alexander Clouter
.sigmonster says: Good day for overcoming obstacles. Try a steeplechase.
More information about the Freeradius-Users
mailing list