Add support for Access-Challenge response for OTP/RADIUS
pbrezina at redhat.com
Tue Jun 8 07:46:17 EDT 2021
Kerberos currently handles only Access-Success replies from OTP/RADIUS
and treats other messages as failure. RADIUS can also send
Access-Challenge which asks user for more information and delivers the
prompt inside the Reply-Message attribute.
I'm implementing support for this reply in Kerberos. Here is my WIP
At this moment, it accepts Access-Challenge and unconditionaly sends
another Access-Request which State attribute set. But I need help with
delivering the prompt to the user. Can you give me some hints on how to
deliver the prompt to the Kerberos client (e.g. kinit) and then send
user's reply back to KDC and RADIUS server.
More information about the krbdev