On 9 May 2014, at 14:42, Frederic Van Espen <frederic.ve@gmail.com> wrote:
On Fri, May 9, 2014 at 2:32 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
Oops. It's more like
authorize { # 44 is OTP len + ID Len if (User-Password =~ /^(.*)([cbdefghijklnrtuv]{44})$/) { update request { User-Password = "%{2}" } yubikey.authenticate
Perfect! That was the missing bit! Thank you sir!
nice!
It is now authenticating the yubikey OTP. Afterwards it fetches the crypt password from ldap which is then verify using PAP in the authenticate section.
I've fixed it in v3.0.x HEAD (which will become 3.0.3 very soon) so that it just works. If you could test it'd be very much appreciated :) For your setup with LDAP and crypt, it'd be something like: authorize { yubikey ldap } authenticate { Auth-Type yubikey { yubikey pap } } Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2