Exercising Challenge/Response code path in pam client?
Richard Perrin
rcp at sentientmeat.ca
Fri Sep 23 21:40:14 CEST 2016
On Fri, Sep 23, 2016 at 1:57 PM, Alan DeKok <aland at deployingradius.com> wrote:
> On Sep 23, 2016, at 1:15 PM, Richard Perrin <rcp at sentientmeat.ca> wrote:
[snip text and config]
>
> You need to do EVERYTHING to manage the challenge yourself. You need to understand how challenge-response works in RADIUS.
>
[snip config]
>
> Of course, this presumes that the NAS understands challenge-response. Which it might not.
When I add in a State value, that config successfully gets a challenge
and response from the pam module on Linux (libpam-radius-auth-1.3.17).
Surprisingly, it didn't prompt there though. Largely this highlights,
much like you said, that I don't sufficiently understand how
challenge-response works in RADIUS.
>
> To be honest, there's pretty much no reason to invent your own challenge-response mechanism. Using an existing one is much preferred.
Which of the existing methods would you select for least friction in
configuring?
- Richard
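
Added example, not part of the original thread and not FreeRADIUS or pam_radius code: a sketch of the client side of the RFC 2865 challenge-response round trip discussed above. It verifies the Access-Challenge, takes Reply-Message as the prompt text, and echoes State unchanged in the follow-up Access-Request that carries the user's response in User-Password. The function names, the shared secret and the packet contents are constructed for illustration.

```python
import hashlib, hmac, os, struct

ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11                       # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # attribute types

def attr(t, v):
    return struct.pack("!BB", t, len(v) + 2) + v

def parse_attrs(buf):
    out = []
    while buf:
        if len(buf) < 2 or not 2 <= buf[1] <= len(buf):
            raise ValueError("malformed attribute")
        out.append((buf[0], buf[2:buf[1]]))
        buf = buf[buf[1]:]
    return out

def hide_password(pw, secret, req_auth):
    # RFC 2865 5.2: zero-pad to 16-byte blocks, XOR each with MD5(secret + previous block)
    pw = pw.ljust(max(16, (len(pw) + 15) // 16 * 16), b"\x00")
    out = [req_auth]
    for i in range(0, len(pw), 16):
        key = hashlib.md5(secret + out[-1]).digest()
        out.append(bytes(a ^ b for a, b in zip(pw[i:i + 16], key)))
    return b"".join(out[1:])

def build_request(ident, user, pw, secret, state=None):
    req_auth = os.urandom(16)
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(pw, secret, req_auth))
    if state is not None:
        attrs += attr(STATE, state)  # echo the server's State byte-for-byte
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def read_challenge(pkt, req_auth, secret):
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != ACCESS_CHALLENGE or length != len(pkt):
        raise ValueError("not a well-formed Access-Challenge")
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expect = hashlib.md5(pkt[:4] + req_auth + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expect, pkt[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs = parse_attrs(pkt[20:])
    prompt = b"".join(v for t, v in attrs if t == REPLY_MESSAGE).decode()
    return prompt, next((v for t, v in attrs if t == STATE), None)

def make_challenge(ident, req_auth, secret, prompt, state):  # constructed server reply, test input only
    attrs = attr(REPLY_MESSAGE, prompt) + attr(STATE, state)
    head = struct.pack("!BBH", ACCESS_CHALLENGE, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs
```

The flow is `build_request` (no State), `read_challenge` on the reply to get the prompt and State, then `build_request` again with a new identifier, the user's answer as the password and the State passed back. A challenge whose Reply-Message or State was altered in transit fails the authenticator check and raises `ValueError`.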
More information about the Freeradius-Users
mailing list