radius: may server issue multiple Access-Challenges?

G. Paul Ziemba (paul@alantec.com)
Wed, 25 Oct 95 11:03:07 PDT

We just got our first Portmaster and I'm investigating the way
RADIUS works so I can make the Portmaster behave the way our
previous implementation does.

The previous dial-in solution ran on a Unix box with a Perl
script handling login authentication. There were multiple
password levels (e.g., group password and then a user password)
so that we could roll group passwords periodically and be able to
update the clients easily.

The login sequence worked like this:

<prompt1>: _client enters group name_
<prompt2>: _client enters group passwd_
<prompt3>: _client enters individual name_
<prompt4>: _client enters individual passwd_

(Succeed or fail here)

I'd like to duplicate this sequence using the Portmaster. I'm
willing to hack radiusd if necessary.

It seems (from the manual) that I can customize <prompt1>.

<prompt2> can probably NOT be customized, but will always
be "Password:" (Is this true?)

I think I can customize <prompt3> via the Access-Challenge
response from the RADIUS server.

I'd like to know if I can generate <prompt4> via another
Access-Challenge response from the server to complete the
sequence.

Can I extend the prompting to an arbitrary number of
transactions by continuing to send Access-Challenges from
the RADIUS server?

Thanks for any info,

~!paul
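
Added example (not part of the original post and not radiusd code): a Python model of the server-side logic for the four-prompt sequence above, with <prompt3> and <prompt4> issued as chained Access-Challenges. It assumes the behaviour later standardized in RFC 2865 (the server may answer a challenge reply with another Access-Challenge; the reply arrives in User-Password with the State attribute echoed); whether the Portmaster re-prompts for each challenge is not established by the post. All function names, prompt texts and credentials are hypothetical or constructed.

```python
import hmac, os

GROUPS = {"dialin": "grp-pw"}              # constructed sample data
USERS = {("dialin", "paul"): "usr-pw"}     # constructed sample data
PROMPTS = ["Individual name: ", "Individual password: "]  # hypothetical text
_sessions = {}  # State value -> (group, group_ok, answers so far)

def _eq(a, b):
    # Constant-time comparison of two secrets.
    return hmac.compare_digest(a.encode(), b.encode())

def _challenge(group, group_ok, answers):
    state = os.urandom(16)                 # unguessable, single-use State
    _sessions[state] = (group, group_ok, answers)
    return ("Access-Challenge", PROMPTS[len(answers)], state)

def handle_access_request(user_name, user_password, state=None):
    """Model one Access-Request; returns (code, Reply-Message, State)."""
    if state is None:
        # Initial request: the NAS's own prompts collected group name/password.
        group_ok = user_name in GROUPS and _eq(GROUPS[user_name], user_password)
        return _challenge(user_name, group_ok, [])
    session = _sessions.pop(state, None)   # pop: a State cannot be replayed
    if session is None:
        return ("Access-Reject", None, None)
    group, group_ok, answers = session
    answers = answers + [user_password]    # challenge reply is in User-Password
    if len(answers) < len(PROMPTS):
        return _challenge(group, group_ok, answers)
    name, password = answers
    key = (group, name)
    user_ok = key in USERS and _eq(USERS[key], password)
    # Verdict only after the last prompt, so a failure does not reveal
    # which of the four inputs was wrong.
    if group_ok and user_ok:
        return ("Access-Accept", None, None)
    return ("Access-Reject", None, None)

def run_login(group, group_pw, name, pw):
    """Drive the whole exchange as the NAS would; returns the final code."""
    code, _, state = handle_access_request(group, group_pw)
    for reply in (name, pw):
        if code != "Access-Challenge":
            break
        code, _, state = handle_access_request(group, reply, state)
    return code
```

Keeping the per-login progress on the server and handing the NAS only a random State value means a client cannot skip a prompt or replay an earlier step.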