FreeRADIUS with custom multi-factor authentication

Alan DeKok aland at
Thu Feb 14 18:46:13 CET 2019

On Feb 14, 2019, at 11:33 AM, Clint Lord <clint at> wrote:
> Thank you for your guidance, that provided us the high level direction we were looking for.

  That's good.

> The complexity of the web services we are using for username/password validation and MFA processing leads us to believe we need to use rlm_python to write the authorize method.  However we're not finding any documentation that tells us how to create access challenges or manage state from within our python code.  We are basically looking for the list of the objects and APIs that are available to us when we are writing the authorize method in python.

  You can return different values from python, and then key off of that:

	if (user ock) {

  As of 3.0.17 (I think) all of the lists are available to the Python module.  So you can do whatever you want, keep state in "session-state", and it should all just work.

  Alan DeKok.

More information about the Freeradius-Users mailing list