How to add OTP validation to FreeRadius

[Ouahiba MACHANI]

Hi all,


I have to find a solution that integrates the use of OTP (One Time Password
) as a second factor authentication in addition to the first factor
authentication (witch is generally username and password) to an existing
authentication System.

This solution should be integrated easily to the existing authentication
system regardless the protocol used for authentication (Rdius, Kerberos,
Http, EAP, etc) and regardless the OS.

 My questions are:

1-      What are the possibilities and the facilities offered by
FreeRadius??

2-      I though about tow solutions :

a-       Developing a plug-in that could be integrated to the existing
authentication system. This plug-in will interact with the OTP-Server for
otp validation.

b-      Installing a radius server in front of the existing IT system. This
server will be configured  in a way it will redirect first factor
authentication requests (exple : username/password) to the existing
authentication system and the OTP second factor authentication to the OTP
services Server hosted and give access to user only when this 2 factors are
valide.

I have no idea about Radius. And these are general ideas and I want someone
to tell me if these solutions are possible and how to proceed.  Wats is best
or better to do?

 Is there any other solution?

 Waiting for your response.

 Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070424/f6088a0f/attachment.html>