[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SV: [Radiusplugin-users] RADIUS challenge support
From: |
Robert Svensson |
Subject: |
SV: [Radiusplugin-users] RADIUS challenge support |
Date: |
Thu, 8 Jan 2009 15:39:52 +0100 |
Hi,
I work with a few RADIUS servers that require the handling of RADIUS challenge
and response to authenticate users.
One example is the use of one time password token cards. After a successful
user name and password authentication, the RADIUS server asks the user to input
the one time password than is then checked against the RADIUS server.
In short, the plugin needs to support additional user input that is not
available to the plugin when a user enters her user name and password.
I hope this isn't too confusing.
All the best
Robert
-----Ursprungligt meddelande-----
Från: Ralf Lübben [mailto:address@hidden
Skickat: den 6 januari 2009 21:20
Till: address@hidden
Kopia: Robert Svensson
Ämne: Re: [Radiusplugin-users] RADIUS challenge support
Hi,
right the user would be rejected, the problem is that the plugin itself can't
communicate with OpenVPN and ask for new attributes. The plugin only delivers
ERROR or SUCCESS back to OpenVPN.
Maybe the assumption is not totally right, but I think there is no other way so
far.
If you need additional attributes which should be sent to the radius server, it
is no problem to add them.
In my opinion there is no way to handle a access challenge packet from the
radius server. You only can send information to the radius server which are
available in the plugin, but these information you can directly add in the
access request.
Do think there are situations where you only should provide information in the
access challenge even if you could have send them already in the access request?
Ralf
Am Montag 05 Januar 2009 22:15:27 schrieb Robert Svensson:
> Hi,
> Will there be support for radius access challenge in the module some day?
> By looking at the code it seems like a RADIUS access challenge is
> treated the same way as an ACCESS reject. Is this a correct assumption?
>
> Thanx
> Robert Svensson
> Mideye AB
>
>
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users