I'm fully aware of the fact that the radius server generates the challenge.
The problem is that the access challenge sent by the radius server, to the pam module, is returned by the pam module without being displayed to the user. What I expect is for the access challenge to be displayed to the user: Enter your OTP (or something). After the user has responded to the access challenge, the response should be sent back to the radius server for authentication. As of now, the PAM module responds to the access challenge by itself without asking for additional user input. Therefore, the reply message doesn't contain the correct value. ________________________________________ From: freeradius-users-bounces+robert.svensson=mideye....@lists.freeradius.org [freeradius-users-bounces+robert.svensson=mideye....@lists.freeradius.org] On Behalf Of Alan DeKok [al...@deployingradius.com] Sent: Wednesday, March 18, 2009 9:47 PM To: FreeRadius users mailing list Subject: Re: RADIUS challenge response using the PAM module Robert Svensson wrote: > something else than what the radius server expected. Like an invalid OTP for > example Uh... the RADIUS server is the one generating the challenge. Not the PAM module. Perhaps you could give explanations of what you expect, and what you see. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
