writing custom pam!!!

[lisa laam]

Hi,


I have a trainee.
-I have to write a module witch should be able to authenticate users with
username and password concatenated to OTP (One Time Password) rather than
only password.
- this module should be able to authenticate first the user within Active
Directory and then validate the OTP.
-The module that validate the OTP is Servlet (JAVA module). and i should use
it for OTP validation.

-what i should implment is a proof of concept.

-After studiying the different AAA (radius, kerberos, ..) severs, I propose
to use Freeradius to integrate this module for remote  access (for a simple
prrof of concept). my choice was based on the fact that Radius protocol is
hily supported.
-For web access I thought writting a module (PAM module) for an Apache
Server./ your comment?

-The first probleme is that i have only two months left to implement one of
the two solution (Apache or Radius) so i should choose rapidlly. Witch of
the two is easiest to implement??
- ths second probleme is that this is the first time i deal with Freeradius,
PAM, Apache.

my questions are :

2- if i used Freeradius, then what would be easy and rapide to implement a
PAM module or using JRadius (i tried to install Jradius patch, but didn't
succeed)? Did you advice me JRadius (I thougt about JRadius because the OTP
validation programme is written in JAVA) ?
3- about PAM modules, I understand that we could use this independently from
Freeradius Server. Is this true. would it be easier and fatser to implement
a standalone PAM?

please need your advice. help me to choose :

- Freeradius+ PAM or
- Freeradius+ JRadius or
- Freeradius+ waht ? or
- Apache + PAM or
- standalone PAM ?? or
- what

thanks in advance


Lisa
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20070614/05c2f484/attachment.htm>