Greg Woods wrote:
> We have a freeradius instance that talks to the world, and proxies
> requests to a back end server that does token authentication via the
> "otp" module. This all works fine. What we need is something we can do
> when a user forgets or loses their card. We thought to use S/key for
> this. To that end, I have another back end server that does s/key
> authentication via a PAM module. This too works, but I have to find a
> way to specify in the front end proxy on a per-user basis which back end
> server should be used.

Use groups, or *something* else. What's in the request packet that makes S/key different from the other authentication modules? How can you distinguish between the two kinds of requests? Where is that information stored?

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

