SV: [Radiusplugin-users] RADIUS challenge support

radiusplugin-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SV: [Radiusplugin-users] RADIUS challenge support

From:	Robert Svensson
Subject:	SV: [Radiusplugin-users] RADIUS challenge support
Date:	Thu, 8 Jan 2009 15:39:52 +0100

Hi,
I work with a few RADIUS servers that require the handling of RADIUS challenge 
and response to authenticate users.
One example is the use of one time password token cards. After a successful 
user name and password authentication, the RADIUS server asks the user to input 
the one time password than is then checked against the RADIUS server.
In short, the plugin needs to support additional user input that is not 
available to the plugin when a user enters her user name and password.

I hope this isn't too confusing.

All the best
Robert

-----Ursprungligt meddelande-----
Från: Ralf Lübben [mailto:address@hidden
Skickat: den 6 januari 2009 21:20
Till: address@hidden
Kopia: Robert Svensson
Ämne: Re: [Radiusplugin-users] RADIUS challenge support

Hi,

right the user would be rejected, the problem is that the plugin itself can't 
communicate with OpenVPN and ask for new attributes. The plugin only delivers 
ERROR or SUCCESS back to OpenVPN.
Maybe the assumption is not totally right, but I think there is no other way so 
far.
If you need additional attributes which should be sent to the radius server, it 
is no problem to add them.
In my opinion there is no way to handle a access challenge packet from the 
radius server. You only can send information to the radius server which are 
available in the plugin, but these information you can directly add in the 
access request.
Do think there are situations where you only should provide information in the 
access challenge even if you could have send them already in the access request?

Ralf





Am Montag 05 Januar 2009 22:15:27 schrieb Robert Svensson:
> Hi,
> Will there be support for radius access challenge in the module some day?
> By looking at the code it seems like a RADIUS access challenge is
> treated the same way as an ACCESS reject. Is this a correct assumption?
>
> Thanx
> Robert Svensson
> Mideye AB
>
>
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users

[Prev in Thread]

Current Thread

[Next in Thread]

[Radiusplugin-users] RADIUS challenge support, Robert Svensson, 2009/01/05
- Re: [Radiusplugin-users] RADIUS challenge support, Ralf Lübben, 2009/01/06
  - SV: [Radiusplugin-users] RADIUS challenge support, Robert Svensson <=
    - Re: SV: [Radiusplugin-users] RADIUS challenge support, Ralf Lübben, 2009/01/08
    - RE: SV: [Radiusplugin-users] RADIUS challenge support, Robert Svensson, 2009/01/08

Prev by Date: Re: [Radiusplugin-users] RADIUS challenge support
Next by Date: Re: SV: [Radiusplugin-users] RADIUS challenge support
Previous by thread: Re: [Radiusplugin-users] RADIUS challenge support
Next by thread: Re: SV: [Radiusplugin-users] RADIUS challenge support
Index(es):
- Date
- Thread