How to add OTP validation to FreeRadius
Hi all, I have to find a solution that integrates the use of OTP (One Time Password ) as a second factor authentication in addition to the first factor authentication (witch is generally username and password) to an existing authentication System. This solution should be integrated easily to the existing authentication system regardless the protocol used for authentication (Rdius, Kerberos, Http, EAP, etc) and regardless the OS. My questions are: 1- What are the possibilities and the facilities offered by FreeRadius?? 2- I though about tow solutions : a- Developing a plug-in that could be integrated to the existing authentication system. This plug-in will interact with the OTP-Server for otp validation. b- Installing a radius server in front of the existing IT system. This server will be configured in a way it will redirect first factor authentication requests (exple : username/password) to the existing authentication system and the OTP second factor authentication to the OTP services Server hosted and give access to user only when this 2 factors are valide. I have no idea about Radius. And these are general ideas and I want someone to tell me if these solutions are possible and how to proceed. Wats is best or better to do? Is there any other solution? Waiting for your response. Thanks in advance.
On 4/24/07, Ouahiba MACHANI <ouahiba.machani@gmail.com> wrote:
Hi all,
I have to find a solution that integrates the use of OTP (One Time Password ) as a second factor authentication in addition to the first factor authentication (witch is generally username and password) to an existing authentication System.
This solution should be integrated easily to the existing authentication system regardless the protocol used for authentication (Rdius, Kerberos, Http, EAP, etc) and regardless the OS.
My questions are:
1- What are the possibilities and the facilities offered by FreeRadius??
2- I though about tow solutions :
a- Developing a plug-in that could be integrated to the existing authentication system. This plug-in will interact with the OTP-Server for otp validation.
b- Installing a radius server in front of the existing IT system. This server will be configured in a way it will redirect first factor authentication requests (exple : username/password) to the existing authentication system and the OTP second factor authentication to the OTP services Server hosted and give access to user only when this 2 factors are valide.
I have no idea about Radius. And these are general ideas and I want someone to tell me if these solutions are possible and how to proceed. Wats is best or better to do?
Is there any other solution?
I don't think this is really a freeradius question. You need to choose a two-factor authentication system that supports radius. Luckily, most do. hth, Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication
Thanks Nick for replaying. can you give me exemples of such systems? what I should do is to dveloppe compenent wich could be integrated easily to an existing authentication system. this is an exemple of a similar solution http://www.tri-dsystems.com/technology/arch.html. witch add plugin to the existng authentication system that interfaces with the OTP back-end services. 2007/4/25, Nick Owen <nowen@wikidsystems.com>:
On 4/24/07, Ouahiba MACHANI <ouahiba.machani@gmail.com> wrote:
Hi all,
I have to find a solution that integrates the use of OTP (One Time
Password
) as a second factor authentication in addition to the first factor authentication (witch is generally username and password) to an existing authentication System.
This solution should be integrated easily to the existing authentication
system regardless the protocol used for authentication (Rdius, Kerberos, Http, EAP, etc) and regardless the OS.
My questions are:
1- What are the possibilities and the facilities offered by FreeRadius??
2- I though about tow solutions :
a- Developing a plug-in that could be integrated to the existing authentication system. This plug-in will interact with the OTP-Server for otp validation.
b- Installing a radius server in front of the existing IT system. This server will be configured in a way it will redirect first factor authentication requests (exple : username/password) to the existing authentication system and the OTP second factor authentication to the OTP services Server hosted and give access to user only when this 2 factors are valide.
I have no idea about Radius. And these are general ideas and I want someone to tell me if these solutions are possible and how to proceed. Wats is best or better to do?
Is there any other solution?
I don't think this is really a freeradius question. You need to choose a two-factor authentication system that supports radius. Luckily, most do.
hth,
Nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 4/25/07, Ouahiba MACHANI <ouahiba.machani@gmail.com> wrote:
Thanks Nick for replaying.
can you give me exemples of such systems?
If you are looking for a software-based two-factor authentication system: http://www.wikidsystems.com - our commercial server supports radius and will work with freeradius, out of the box. If you want open source - you would need to develop a plug-in connecting WiKID to freeradius. I think the way to that would be to use jradius (http://jradius.org/) and our java network client (https://sourceforge.net/project/showfiles.php?group_id=144774&package_id=181...). We would really appreciate the help. You can also google up OPIE as well. For hardware: http://www.rsasecurity.com - Securid http://www.vasco.com and many others. Google "two-factor authentication" and you will get plenty. It is a very competitive space. or you can run WiKID on a USB drive, if you're ok with that sort of thing. HTH, nick -- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/
Thanks very much Nick, i will look for all these. 2007/4/26, Nick Owen <nowen@wikidsystems.com>:
On 4/25/07, Ouahiba MACHANI <ouahiba.machani@gmail.com> wrote:
Thanks Nick for replaying.
can you give me exemples of such systems?
If you are looking for a software-based two-factor authentication system: http://www.wikidsystems.com - our commercial server supports radius and will work with freeradius, out of the box.
If you want open source - you would need to develop a plug-in connecting WiKID to freeradius. I think the way to that would be to use jradius (http://jradius.org/) and our java network client ( https://sourceforge.net/project/showfiles.php?group_id=144774&package_id=181... ). We would really appreciate the help.
You can also google up OPIE as well.
For hardware: http://www.rsasecurity.com - Securid http://www.vasco.com and many others. Google "two-factor authentication" and you will get plenty. It is a very competitive space. or you can run WiKID on a USB drive, if you're ok with that sort of thing.
HTH,
nick
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor Now open source: http://sourceforge.net/projects/wikid-twofactor/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Nick Owen -
Ouahiba MACHANI