[20287] in Kerberos_V5_Development


Add support for Access-Challenge response for OTP/RADIUS

daemon@ATHENA.MIT.EDU (Pavel Březina)
Tue Jun 8 07:46:35 2021

To: krbdev@mit.edu
From: Pavel Březina <pbrezina@redhat.com>
Message-ID: <5aa8aaf9-c301-b43d-3b33-3c3cea23a0c5@redhat.com>
Date: Tue, 8 Jun 2021 13:46:17 +0200

Hi Kerberos,

Kerberos currently handles only Access-Success replies from OTP/RADIUS
and treats other messages as failure. RADIUS can also send
Access-Challenge, which asks the user for more information and delivers the
prompt inside the Reply-Message attribute.

I'm implementing support for this reply in Kerberos. Here is my WIP 
branch: https://github.com/pbrezina/krb5/commits/otp-challenge

At this moment, it accepts Access-Challenge and unconditionally sends
another Access-Request with the State attribute set. But I need help with
delivering the prompt to the user. Can you give me some hints on how to
deliver the prompt to the Kerberos client (e.g. kinit) and then send
the user's reply back to the KDC and RADIUS server?

Thanks,
Pavel.
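
The Access-Challenge reply described in the message, as an added example that is not part of the original post or of krb5: a bounds-checked parser that extracts the Reply-Message prompt and the State value to echo in the follow-up Access-Request. The code and attribute numbers are from RFC 2865; `parse_challenge`, `struct challenge` and the sample packet are constructed for illustration, and Response Authenticator verification is assumed to happen elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 2865: packet code and the two attributes the message mentions. */
enum { ACCESS_CHALLENGE = 11, ATTR_REPLY_MESSAGE = 18, ATTR_STATE = 24 };

struct challenge {             /* hypothetical result type */
    char prompt[254];          /* Reply-Message text, NUL-terminated */
    const uint8_t *state;      /* points into pkt; echo in next Access-Request */
    size_t state_len;
};

/* Constructed sample: Access-Challenge, id 1, zeroed authenticator. */
static const uint8_t sample[39] = {
    11, 1, 0, 39, 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,
    18, 13, 'E','n','t','e','r',' ','c','o','d','e',':',
    24, 6, 1, 2, 3, 4
};

/* Returns 0 on success, -1 if the packet is malformed or not a challenge.
 * If several Reply-Message attributes are present, the last one is kept. */
int parse_challenge(const uint8_t *pkt, size_t len, struct challenge *out)
{
    size_t plen, alen, off = 20;   /* code, id, length(2), authenticator(16) */

    memset(out, 0, sizeof(*out));
    if (len < 20 || pkt[0] != ACCESS_CHALLENGE)
        return -1;
    plen = ((size_t)pkt[2] << 8) | pkt[3];
    if (plen < 20 || plen > len)   /* declared length must fit the buffer */
        return -1;
    while (off < plen) {
        if (plen - off < 2)
            return -1;
        alen = pkt[off + 1];       /* includes the type and length octets */
        if (alen < 2 || alen > plen - off)
            return -1;
        if (pkt[off] == ATTR_REPLY_MESSAGE) {
            memcpy(out->prompt, pkt + off + 2, alen - 2);  /* at most 253 */
            out->prompt[alen - 2] = '\0';
        } else if (pkt[off] == ATTR_STATE) {
            out->state = pkt + off + 2;
            out->state_len = alen - 2;
        }
        off += alen;
    }
    return 0;
}
```

The prompt comes from the RADIUS server and should be treated as untrusted text before it is shown to a user.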
