Hi Alan.
I want to use MOTP for authentication. MOTP uses a shell-script
(/usr/local/bin/otpverify.sh) to verify the given password. The script
needs five arguments (User, One-Time-Password, Secret, PIN and Offset).
Where do those arguments come from?
OK - that's what I forgot to say. The first two arguments (user and
password) come directly from the user. The next three arguments (secret,
pin and offset) are per-user-values. So I wanted to configure these
values in the 'users'-file (/etc/freeradius/users)
For example:
[...]
user1
Secret = 143a5c6fa125ac1f,
PIN = 1234,
Offset = 0
My system is a fresh installation of freeradius on a Debian/Lenny system.
I did the following changes on the following config-files:
1. A new dictionary-file (included in /etc/freeradius/dictionary):
/etc/freeradius/dictionary.motp
-------------------------------
ATTRIBUTE Secret 960 string
ATTRIBUTE PIN 961 string
ATTRIBUTE Offset 962 string
That defines the attributes. Now, where do the values get populated?
In the users file (see above).
2. A new module in
/etc/freeradius/radiusd.conf (modules-section):
----------------------------
[...]
exec motp {
    wait = yes
    program = "/usr/local/bin/otpverify.sh %{User-Name} %{User-Password} %{Secret} %{PIN} %{Offset}"
    input_pairs = request
    output_pairs = config
}
[...]
The %{...} syntax replaces the given string with the *value* of the
named attribute. Where are you setting these values?
Also in the users file.
The main problem is: freeradius didn't call the script with all the
needed arguments - so the authentication fails:
[...]
expand: /usr/local/bin/otpverify.sh '%{User-Name}'
'%{User-Password}' '%{Secret}' '%{PIN}' '%{Offset}' ->
/usr/local/bin/otpverify.sh 'stefan' '123' '' '' ''
Because you haven't defined any values for those attributes.
Can you tell me where I have to define them?
Thank you very much,
Stefan
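
The debug output in this message shows the script being run with '' for Secret, PIN and Offset. The following shell functions are an added example, not part of the original message and not the real otpverify.sh; they show a verifier that rejects such a call before any hashing happens. Assumptions: the usual Mobile-OTP construction (first six hex digits of MD5 over the 10-second epoch counter, the secret and the PIN), an offset given in seconds, and a hypothetical sixth argument that fixes the clock for testing.

```shell
#!/bin/sh
# Added example: fail-closed Mobile-OTP check (not the page's otpverify.sh).

# motp_code EPOCH SECRET PIN
# Prints the first 6 hex digits of md5(EPOCH/10 . SECRET . PIN).
motp_code() {
    printf '%s%s%s' "$(( $1 / 10 ))" "$2" "$3" | md5sum | cut -c1-6
}

# motp_verify USER OTP SECRET PIN OFFSET [NOW]
# Returns 0 = accept, 1 = reject, 2 = missing or malformed argument.
# NOW (epoch seconds) is a hypothetical extra argument for repeatable tests.
motp_verify() {
    [ "$#" -ge 5 ] || return 2
    user=$1 otp=$2 secret=$3 pin=$4 offset=$5 now=${6:-$(date +%s)}

    # An attribute that did not expand arrives as ''. Validate every field
    # first so the check can never degrade to md5(time) with no secret or PIN.
    [ -n "$user" ] || return 2
    case $otp in ''|*[!0-9a-f]*) return 2 ;; esac
    [ "${#otp}" -eq 6 ] || return 2
    case $secret in ''|*[!0-9a-f]*) return 2 ;; esac
    case $pin in ''|*[!0-9]*) return 2 ;; esac
    case $offset in ''|-|*[!0-9-]*|?*-*) return 2 ;; esac
    case $now in ''|*[!0-9]*) return 2 ;; esac

    # Accept any code from the 10-second slots within +/- 180 s of now+offset
    # (window size is an assumption of this example).
    t=$(( now + offset - 180 ))
    end=$(( now + offset + 180 ))
    while [ "$t" -le "$end" ]; do
        [ "$(motp_code "$t" "$secret" "$pin")" = "$otp" ] && return 0
        t=$(( t + 10 ))
    done
    return 1
}
```

Return code 2 is kept separate from 1 so that a configuration fault (empty per-user values) shows up in the logs as something other than a wrong password.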