ChallengeHook is a fragment of Perl code that is expected to
generate a OTP (if necessary) save the OTP (in $context is sometimes
convenient) and send the OTP to the user by a back channel (if necessary).
It should return a challenge string that will be presented to the user by
the client, informing them of how to get or generate their
password.
It is passed the following arguments:
- Reference to the current AuthBy module object
- User name
- Current RADIUS request packet
- User context that will be available later in VerifyHook. It can be
used to store information such as the correct password until later in
the authentication process.
The default ChallengeHook generates a random password according
to PasswordPattern, saves it in the context and returns a challenge
message telling the user what the correct password is. The default
ChallengeHook must not be used in a production environment.
This
example shows how to generate a random password and pass it to an external
program which must deliver it to the user through some back channel like
SMS. The example just echoes it to stdout. You can see that the
generate_password() function can be used to generate a random password
that conforms to PasswordPattern. The password is stored in the context so
it can be checked later in the VerifyHook.
ChallengeHook sub {my ($self, $user, $p, $context) = @_;\
$context->{otp_password} = $self->generate_password();\
system('/bin/echo', "in sample ChallengeHook for", \
$user, "password is", $context->{otp_password});\
return "Your OTP password has been printed by Radiator on STDOUT";}