Norbert Wegener wrote: > The box I am talking about is a Juniper vpn gateway. There they have > Custom Radius Authentication Rules and in the configuration menu there is: > If received packet Type :Access Challenge > Take action: Show Next Token page
That's pretty common. > Now it seems to me, that after providing the correct login/(static) > password combination, not an Access-Accept must be sent, but instead an > Access-Challenge. Yes. > Maybe, this can be done using the otpd, but up to now I am searching on > how to realise this. > Anyone any idea? The rlm_otp module is intended to support specific token cards. If you need another kind of token-based authentication, the best bet is to roll your own. See rlm_example for a simple C challenge-response authentication module. You may also need a consistent State attribute. That code is in rlm_eap, but should probably be pulled into src/main, because other modules may need it, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html