Freeradius as a PIN server?
Sorry for the newbie question, but, quite simply, could Freeradius be configured to provide a simple 'PIN Server' ? - I want users to be able to choose a 4 digit PIN, and then have Freeradius validate Logon requests using the username/PIN combination (in addition to some separate LDAP authentication) Really, I am looking to build a lightweight 2-factor authentication system, without the expense of RSA SecurID or similar. Regards, Peter Moreton *************************************************************************************** The CBI's (Confederation of British Industry's) registered address is: Centre Point, 103 New Oxford Street, London WC1A 1DU Company number: RC000139
On Tue, Dec 13, 2011 at 11:07 AM, Peter Moreton <Peter.Moreton@cbi.org.uk> wrote:
Sorry for the newbie question, but, quite simply, could Freeradius be configured to provide a simple ‘PIN Server’ ? – I want users to be able to choose a 4 digit PIN, and then have Freeradius validate Logon requests using the username/PIN combination (in addition to some separate LDAP authentication)
Really, I am looking to build a lightweight 2-factor authentication system, without the expense of RSA SecurID or similar.
I'm afraid knowledge of a PIN and knowledge of a password is not two-factor authentication, it is just more of a one-factor authentication. Feel free to use our open-source two-factor authentication system: http://www.wikidsystems.com/community-version. If someone wants to contribute a freeradius rlm module using one of our api packages, we would greatly appreciate it: http://www.wikidsystems.com/downloads/network-clients Nick -- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication
Perhaps you may want delivering PIN to user's cellular over SMS. Anyway Freeradius seems not to be enough, at least you would need some external database and web server - both for creating and storing PINs. I did the task using FR, Apache and MySql. As I see, my concept is quite similar to Nick's one. Regards, Rudolf. -----Original Message----- From: freeradius-users-bounces+rudolf.susnik=telekom.si@lists.freeradius.org [mailto:freeradius-users-bounces+rudolf.susnik=telekom.si@lists.freeradius.org] On Behalf Of Nick Owen Sent: Tuesday, December 13, 2011 6:58 PM To: FreeRadius users mailing list Subject: Re: Freeradius as a PIN server? On Tue, Dec 13, 2011 at 11:07 AM, Peter Moreton <Peter.Moreton@cbi.org.uk> wrote:
Sorry for the newbie question, but, quite simply, could Freeradius be configured to provide a simple 'PIN Server' ? - I want users to be able to choose a 4 digit PIN, and then have Freeradius validate Logon requests using the username/PIN combination (in addition to some separate LDAP authentication)
Really, I am looking to build a lightweight 2-factor authentication system, without the expense of RSA SecurID or similar.
I'm afraid knowledge of a PIN and knowledge of a password is not two-factor authentication, it is just more of a one-factor authentication. Feel free to use our open-source two-factor authentication system: http://www.wikidsystems.com/community-version. If someone wants to contribute a freeradius rlm module using one of our api packages, we would greatly appreciate it: http://www.wikidsystems.com/downloads/network-clients Nick -- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Wed, Dec 14, 2011 at 5:39 AM, Sušnik Rudolf <Rudolf.Susnik@telekom.si> wrote:
Perhaps you may want delivering PIN to user's cellular over SMS. Anyway Freeradius seems not to be enough, at least you would need some external database and web server - both for creating and storing PINs. I did the task using FR, Apache and MySql. As I see, my concept is quite similar to Nick's one.
Regards, Rudolf.
If you are considering SMS for authentication, I suggest you consider the risks involved. The carriers are in no way incented to secure user accounts or SMS. It might be fine for many non-critical uses and is better than just a static password, but if you really need strong authentication, you won't get that from SMS. My latest rant and a listing of examples of SMS breachs: http://www.wikidsystems.com/WiKIDBlog/fraudsters-defeat-poor-risk-management... Sorry to be off-topic... nick
-----Original Message----- From: freeradius-users-bounces+rudolf.susnik=telekom.si@lists.freeradius.org [mailto:freeradius-users-bounces+rudolf.susnik=telekom.si@lists.freeradius.org] On Behalf Of Nick Owen Sent: Tuesday, December 13, 2011 6:58 PM To: FreeRadius users mailing list Subject: Re: Freeradius as a PIN server?
On Tue, Dec 13, 2011 at 11:07 AM, Peter Moreton <Peter.Moreton@cbi.org.uk> wrote:
Sorry for the newbie question, but, quite simply, could Freeradius be configured to provide a simple 'PIN Server' ? - I want users to be able to choose a 4 digit PIN, and then have Freeradius validate Logon requests using the username/PIN combination (in addition to some separate LDAP authentication)
Really, I am looking to build a lightweight 2-factor authentication system, without the expense of RSA SecurID or similar.
I'm afraid knowledge of a PIN and knowledge of a password is not two-factor authentication, it is just more of a one-factor authentication.
Feel free to use our open-source two-factor authentication system: http://www.wikidsystems.com/community-version. If someone wants to contribute a freeradius rlm module using one of our api packages, we would greatly appreciate it: http://www.wikidsystems.com/downloads/network-clients
Nick
-- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication
participants (3)
-
Nick Owen -
Peter Moreton -
Sušnik Rudolf