I am trying to configure FreeRadius to work with my external authentification script.
I have a custom module
exec myscript {
wait = yes
shell_escape = yes
program = "/path/to/myscript %{Stripped-User-Name} %{User-Password}"
}
and this works. However, I am concerned because plaintext passwords are passed as a command line arguments to the script, so ps
run at opportune moment could reveal passwords.
It would be much better if I could write arguments to a protected file from which myscript can read them. I haven't been able to find how to do this. Is it possible, and how?