(RADIATOR) How to return the challenge with "AuthBy OPIE"?

Ken Bell kenbell at panix.com
Mon Nov 1 17:23:12 CST 2004


On Fri, Oct 29, 2004 at 07:52:39AM +1000, Mike McCauley wrote:
> On Friday 29 October 2004 05:47, Ken Bell wrote:
> > When using "AuthBy OPIE", how does one get Radiator to return the
> > challenge (OTP sequence number) to the caller?  Thanks.
> 
> In the case of Radius PAP, the challenge is returned to the NAS in the 
> Reply-Message. Whether or not this is displayed to the user depends on the 
> NAS and the client.
> 
> In the case of EAP-OTP and EAP-GTC, it is returned in the EAP message as 
> required by the EAP standards. Most EAP clients will display the challenge to 
> the user.

Hi Mike,

Let me then rephrase my question :-)

I am trying to use Radiator to authenticate with OPIE for a CheckPoint
firewall user.  My radius.cfg is basically what is found in "opie.cfg"
in Radiator's "goodies" directory.  Authentication works, provided
that the user keeps track of the OTP sequence number, but it does
not appear that Radiator ever returns an OPIE challenge to the
firewall (caller).  Is this the fault of my configuration file, or
should the firewall be sending some request for a challenge prior
to prompting the user for his password?

Also, can I provoke an OPIE challenge via "radpwtst"? I tried
sending an empty password, but simply get an auth reject.  If I
understand "AuthOPIE.pm", though, it appears that an empty password
is what triggers the challenge response.

Finally, on a related but not crucial note, I tried the "-gui"
option to radpwtst, and find that changing the values in the "To
this server" section (Name, Secret, Auth Port and Acct Port), does
not change what radpwtst actually uses; for that I must invoke
radpwtst with the desired options in the first place.  Also, it
appears that the list box for "Service-Type" is truncated, rather
than scrolling (the last type I see is "GRIC-PhoneHandset-User").

Thanks.

                                                  Ken
-- 
Ken Bell :: kenbell at panix.com   :: (212) 475-4976 (voice)

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
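
For anyone debugging this with a packet capture, the PAP exchange discussed above looks like this at the RFC 2865 level: an Access-Request with an empty User-Password, answered by an Access-Challenge carrying the OTP challenge in Reply-Message. This is an added example, not part of the original message and not Radiator code; the secret, user name, State value and challenge text are constructed, and the "otp-md5 <sequence> <seed>" wording follows RFC 2289 and is only assumed to resemble what Radiator sends.

```python
import hashlib, hmac, re, struct
ACCESS_REQUEST, ACCESS_CHALLENGE = 1, 11  # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # attribute types

def attr(t, value):
    return struct.pack("!BB", t, len(value) + 2) + value

def hide_password(password, secret, req_auth):
    """RFC 2865 5.2 hiding. An empty password is sent as one block of NULs."""
    padded = password + b"\0" * (-len(password) % 16) or b"\0" * 16
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], hashlib.md5(secret + prev).digest()))
        out += prev
    return out

def build_request(ident, user, password, secret, req_auth):
    attrs = attr(USER_NAME, user) + attr(USER_PASSWORD, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + req_auth + attrs

def build_reply(code, ident, attrs, secret, req_auth):  # server side; only builds the sample
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + req_auth + attrs + secret).digest() + attrs

def parse_reply(packet, secret, req_auth):
    """Verify the Response Authenticator, then return (code, {type: [values]})."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        raise ValueError("bad length")
    body = packet[20:]
    expect = hashlib.md5(packet[:4] + req_auth + body + secret).digest()
    if not hmac.compare_digest(expect, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    attrs, i = {}, 0
    while i < len(body):
        if i + 2 > len(body) or body[i + 1] < 2 or i + body[i + 1] > len(body):
            raise ValueError("bad attribute")
        attrs.setdefault(body[i], []).append(body[i + 2:i + body[i + 1]])
        i += body[i + 1]
    return packet[0], attrs

def opie_challenge(attrs):
    """(sequence, seed) from an 'otp-<alg> <seq> <seed>' Reply-Message, else None."""
    for msg in attrs.get(REPLY_MESSAGE, []):
        m = re.search(rb"otp-\w+ (\d+) (\S+)", msg)
        if m:
            return int(m.group(1)), m.group(2).decode()

SECRET, RA = b"mysecret", bytes(range(16))  # constructed sample values
REQUEST = build_request(7, b"ken", b"", SECRET, RA)  # empty password, as in the question
CHALLENGE = build_reply(ACCESS_CHALLENGE, 7, attr(REPLY_MESSAGE, b"otp-md5 498 ke1234") + attr(STATE, b"s1"), SECRET, RA)
```

Per RFC 2865, a State attribute received in an Access-Challenge has to be copied unchanged into the follow-up Access-Request that carries the one-time password.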

