3.60.1. ChallengeHook Previous topic Parent topic Child topic Next topic

ChallengeHook is a fragment of Perl code that is expected to generate a OTP (if necessary) save the OTP (in $context is sometimes convenient) and send the OTP to the user by a back channel (if necessary). It should return a challenge string that will be presented to the user by the client, informing them of how to get or generate their password.
It is passed the following arguments:
  • Reference to the current AuthBy module object
  • User name
  • Current RADIUS request packet
  • User context that will be available later in VerifyHook. It can be used to store information such as the correct password until later in the authentication process.
The default ChallengeHook generates a random password according to PasswordPattern, saves it in the context and returns a challenge message telling the user what the correct password is. The default ChallengeHook must not be used in a production environment.
This example shows how to generate a random password and pass it to an external program which must deliver it to the user through some back channel like SMS. The example just echoes it to stdout. You can see that the generate_password() function can be used to generate a random password that conforms to PasswordPattern. The password is stored in the context so it can be checked later in the VerifyHook.
ChallengeHook sub {my ($self, $user, $p, $context) = @_;\
      $context->{otp_password} = $self->generate_password();\ 
      system('/bin/echo', "in sample ChallengeHook for", \
      $user, "password is", $context->{otp_password});\
      return "Your OTP password has been printed by Radiator on STDOUT";}