Cor Bosman <c...@xs4all.nl> wrote: > > Would their be some way, in either the PAM stage, or in the FreeRadius > stage before Exec to pre-validate if ive got a token-reponse? They're > always 10 digit numbers. > unlang is your friend:
http://freeradius.org/radiusd/man/unlang.html Something like the following should probably help you: ---- authorize { preprocess ... if (User-Password !~ /^[0-9]{10}$/) { update reply { Reply-Message := "ZOMG, TEH WORLD IS ENDINGS!" } reject } otp-exec-thingy ... } ---- Cheers -- Alexander Clouter .sigmonster says: Good day for overcoming obstacles. Try a steeplechase. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html