Hi all Can you please tell whether it is possible to configure FreeRADIUS to authenticate users on the "S/KEY One-Time Password System", which is described in RFC 1760 (http://tools.ietf.org/html/rfc1760). Thank you so much.
Victor Guk wrote:
Can you please tell whether it is possible to configure FreeRADIUS to authenticate users on the "S/KEY One-Time Password System", which is described in RFC 1760 (http://tools.ietf.org/html/rfc1760).
Does the documentation say it supports S/KEY? Alan DeKok.
Alan DeKok <aland@deployingradius.com> wrote:
Can you please tell whether it is possible to configure FreeRADIUS to authenticate users on the "S/KEY One-Time Password System", which is described in RFC 1760 (http://tools.ietf.org/html/rfc1760).
Does the documentation say it supports S/KEY?
...but with my GTC patch I submitted months ago, it could do. Cheers -- Alexander Clouter .sigmonster says: Bus error -- please leave by the rear door.
Victor Guk <v.guk@zaz.zp.ua> wrote:
Can you please tell whether it is possible to configure FreeRADIUS to authenticate users on the "S/KEY One-Time Password System", which is described in RFC 1760 (http://tools.ietf.org/html/rfc1760).
You should be looking at RFC 2289[1] and also RFC 2243[2]. With FreeRADIUS I successfully got working: * 802.1X - both wpa_supplicant and SecureW2 * mod_auth_radius (via PAM) - both shell login and Apache basic auth To get it working, involves a trivial patch to rlm_eap_gtc (that Alan /dev/null'd) and a Perl script that runs via rlm_perl. It reads currently from an opiekeys compatible file, but my long term plan was to add LDAP/SQL backend support (as well as RFC2243 support). I also did some ground work so that you could get users to self-service prime their own MIDP JavaME enable mobile phone, via a web page or via SMS WAP Push message... Motivation dried up with Alan not applying my patch (grrr) and me not seeing to be too much interest in an opensource OTP solution for the UK university sector...*sigh*. I've put it on the back burner, but now with JavaME's future looking dodgy too... :-/ Code dump is available upon request, to anyone, it's all GPL. Cheers [1] http://tools.ietf.org/html/rfc2289 [2] http://tools.ietf.org/html/rfc2243 -- Alexander Clouter .sigmonster says: Without fools there would be no wisdom.
Alexander Clouter wrote:
To get it working, involves a trivial patch to rlm_eap_gtc (that Alan /dev/null'd) and a Perl script that runs via rlm_perl. It reads currently from an opiekeys compatible file, but my long term plan was to add LDAP/SQL backend support (as well as RFC2243 support).
OK... can you send it again? Alan DeKok.
Alan DeKok <aland@deployingradius.com> wrote:
To get it working, involves a trivial patch to rlm_eap_gtc (that Alan /dev/null'd) and a Perl script that runs via rlm_perl. It reads currently from an opiekeys compatible file, but my long term plan was to add LDAP/SQL backend support (as well as RFC2243 support).
OK... can you send it again?
Archived at the following linky, however I have re-sent it to the dev mailing list. http://lists.freeradius.org/pipermail/freeradius-devel/2010-January/013599.h... Cheers /me pats sigmonster :) -- Alexander Clouter .sigmonster says: Victory or defeat!
participants (3)
-
Alan DeKok -
Alexander Clouter -
Victor Guk