eap_gtc module implements EAP-GTC authentication. It is a
submodule of eap and cannot be used on its own.
GTC stands for Generic Token Card. The intent is to permit the use of challenge-response token cards with EAP. The challenge and the response are sent in the clear, which means that they are visible to anyone who can monitor the wireless or wired network traffic. Therefore, this module should only be inside of an EAP-TTLS or an EAP-PEAP tunnel. The TLS tunnel will protect the challenge and response from eavesdroppers.
The module challenges the user with a fixed text string and looks for
a response from the user. When the module sees the user’s response, it
puts the response into a
User-Password attribute. Another module is
then called to validate the password.
local | PAP | …
The module that will perform the
User-Passwordauthentication for the user. The user’s response is put into a
User-Passwordattribute and passed to another module for authentication.
If the word
localis used instead of
PAP, the module will look for
control:Cleartext-Passwordand will perform a string comparison with the user’s response.
challenge = string
The default challenge. Many clients will ignore this challenge and may not even show it to the user.