McCann, Brian wrote: > Hi all. I hate to be a pest…but I cannot find anything really on what > I’m trying to do.
You're trying to have another program authenticate the user. This means setting up that program as being responsible for the authentication. > I’m trying to use a Python program as an “external authenticator”, so I > can check various things with the username and password in my already > existing authentication schemes. I thought this would be easy…I was > wrong. Through some trial and error, I’ve determined that the Python > app needs to return “Cleartext-Password” with “some value”…that value is > unclear to me since I’ve returned anything and it takes it. No. If it's returning a Cleartext-Password, then you are *not* using the program as the authenticator. > My question to everyone is this: Is there an example program, in Python > or perl, that is complete and works somewhere? Everything I’ve seen > just says things like “your code here”, and never specifies what the > returns need to be formatted like and/or include for EAP. I had been > assuming that I just simply had to return a simple “OK” or “FAIL”, but > that’s clearly not right. It's right *if* you're running the Python module in the "authenticate" section. This usually means forcing Auth-Type, which is one of the few times where doing that is useful. My $0.02, however, is to say that this is a bad idea. You're nearly always better off letting the authentication server do the authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html