On 03/15/2010 02:32 PM, Rajendra Hegde wrote:
pam_conv is good for holding interactive conversation locally for
applications
such as login, su etc.
When used with radius server pam_conv failed to do prompt at remote_client.
Please note that we are not interested in local convesation where PAM is
located.
The remote client I have used is one of the test applications from the
radius suite.
Let me aks you further.
note: A and B are machines.
{client @ A} ---> {radius at B} --> {PAM @ B}
Now when I tested as said above, a call to pam_conv in PAM module at
machine B
did nothing. Are you sure it does prompt with a message at client @ A ?
I look forward to your reply.
Thanks,
O.K. That's part of the information I was trying to get you to reveal.
You're talking about the client on the other side of the radius protocol
and you're not talking about the pam conversation at the radius server.
If you want to send a challenge to the client you can emit a
ACCESS-CHALLENGE packet along with a reply-message. See
src/modules/rlm_example/rlm_example.c for an example of how to do this.
You'll still need to use pam_conv and I think you'll need some way to
retain state. Also not all clients support access-challenge and if they
don't they're allowed to assume they received auth-reject when they
receive access-challenge.
--
John Dennis <jden...@redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
