30 Jun
2011
30 Jun
'11
11:51 a.m.
Nick Owen <nowen@wikidsystems.com> wrote:
We recently had a customer that wanted to check a password against AD via kerberos and then an one-time passcode against a WiKID Strong Authentication server via radius. We found that PAM passed the AD password to our OTP server, which failed. We have added a pam option "always prompt" in the attached code. This will force a "WiKID passcode:" prompt regardless of any previous password entry. This can be changed, of course.
Better to lead with the OTP as then you fend off brute force and dictionary attacks. Cheers -- Alexander Clouter .sigmonster says: If you had any brains, you'd be dangerous.