I think your question is quite difficult to understand as the implementation of your authentication needs is not clearly stated. I am not sure I understand what you mean by OTP? Is this OTP a service? Does it accept arguments such as username and password? I need some clarification on these bits to help further. There are currently many PAM modules which can be used to authenticate a fairly wide variety of services (radius, kerberos, ldap etc.) and you could simply implement one that suites your needs if one exists currently. If you are looking for existing modules to authenticate using the PAM libraries I would recommend looking here -> http://www.kernel.org/pub/linux/libs/pam/modules.html If you are looking to develop a stand alone PAM module to perform your authentication I would recommend reading up on PAM development here -> http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_MWG.html Jas lisa laam wrote: > Hi, > > > I have a trainee. > -I have to write a module witch should be able to authenticate users > with username and password concatenated to OTP (One Time Password) > rather than only password. > - this module should be able to authenticate first the user within > Active Directory and then validate the OTP. > -The module that validate the OTP is Servlet (JAVA module). and i should > use it for OTP validation. > > -what i should implment is a proof of concept. > > -After studiying the different AAA (radius, kerberos, ..) severs, I > propose to use Freeradius to integrate this module for remote access > (for a simple prrof of concept). my choice was based on the fact that > Radius protocol is hily supported. > -For web access I thought writting a module (PAM module) for an Apache > Server./ your comment? > > -The first probleme is that i have only two months left to implement one > of the two solution (Apache or Radius) so i should choose rapidlly. > Witch of the two is easiest to implement?? > - ths second probleme is that this is the first time i deal with > Freeradius, PAM, Apache. > > my questions are : > > 2- if i used Freeradius, then what would be easy and rapide to implement > a PAM module or using JRadius (i tried to install Jradius patch, but > didn't succeed)? Did you advice me JRadius (I thougt about JRadius > because the OTP validation programme is written in JAVA) ? > 3- about PAM modules, I understand that we could use this independently > from Freeradius Server. Is this true. would it be easier and fatser to > implement a standalone PAM? > > please need your advice. help me to choose : > > - Freeradius+ PAM or > - Freeradius+ JRadius or > - Freeradius+ waht ? or > - Apache + PAM or > - standalone PAM ?? or > - what > > thanks in advance > > > Lisa > > > ------------------------------------------------------------------------ > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- Jason Gerfen jason.gerfen@xxxxxxxxxxxx University Of Utah Marriott Library "It's not my problem... Wooo Hooo!" _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
