search

FreeRADIUS / pam_radius

This is the PAM to RADIUS authentication module. It allows any Linux, OSX or Solaris machine to become a RADIUS client for authentication and password change requests.
GNU General Public License v2.0
102 stars 90 forks source link

Adding custom challenge option #68

Closed oculos closed 1 year ago

oculos commented 1 year ago

We are proposing adding a challenge option for pam_radius so that the user can configure a prompt to replace the one sent by the radius server on the Reply-Message of an Access-Challenge request.

This can be useful in situation where the message of the server isn't very explanatory or not very compatible with the linux command line.

If this gets approved, I will also work on a challenge_suffix option, so that the user can configure suffixes for server-sent prompts, such as :, as many servers do not send well formatted prompts.

I was also thinking about adding a banner option, and actually wrote the code for it, but I guess it can be annoying to have the same message displayed on and on again after a failed attempt. And to get the message written only once there are maybe better solutions such as pam_echo out there.

alandekok commented 1 year ago

This should be cleaned up to avoid lots of intermediate / debugging commits. There is no reason to keep those in the git history. And the other "back and forth" development commits should be merged, so there's only one commit which adds the code.

But generally this functionality belongs on the RADIUS server.