Exercising Challenge/Response code path in pam client?
Alan DeKok
aland at deployingradius.com
Thu Sep 22 21:40:11 CEST 2016
On Sep 22, 2016, at 3:37 PM, Richard Perrin <rcp at sentientmeat.ca> wrote:
>
> I'm seeking a simple as possible config for freeradius server (version
> 2.1.12+dfsg-1.2ubuntu8.1 in Ubuntu 14.04)
Upgrade. Version 2.1.12 is YEARS out of date.
> that would allow me to
> exercise the Challenge/Response path in the pam client (packaged as
> libpam-radius-auth-1.3.17).
That should work at least.
> I see PW_ACCESS_CHALLENGE in several modules, but I haven't made the
> leap on how to configure the server to have pam-radius-auth (currently
> successfully authenticating against the server) receive an
> Access-Challenge instead of Accept/Reject. My end goal is verification
> of the client side code, rather than a production server deployment.
> Could you please provide me with guidance?
You need an authentication protocol which will do challenge-response. Most won't.
In version 3, you can implement full challenge-response in "unlang".
So... upgrade.
Alan DeKok.
More information about the Freeradius-Users
mailing list