I notice that raddb/mods-available/otp has a link to <http://www.tri-dsystems.com/> That domain is broken - there are REFUSED responses from both their nameservers. If they have gone out of business, perhaps the file should link to this fork instead? https://code.google.com/p/otpd/ That hasn't had a release since Nov 2009, although SVN has commits from Sep 2012. I'm just trying to work out whether this is a viable option going forward (specifically for yubikey authentication, in place of using a PAM module) I notice that the README file says that you will need: b. A plugin for your auth server, that talks to otpd. You can download plugins from the TRI-D Systems web site, or write your own. Your authentication server software vendor might also supply plugins for otpd. But if their site has gone away, that means it's probably not very useful :-( Regards, Brian.
Am Donnerstag, 13. März 2014, 12:18:35 schrieb Brian Candler:
I notice that raddb/mods-available/otp has a link to
<http://www.tri-dsystems.com/>
That domain is broken - there are REFUSED responses from both their nameservers.
If they have gone out of business, perhaps the file should link to this fork instead? https://code.google.com/p/otpd/ That hasn't had a release since Nov 2009, although SVN has commits from Sep 2012.
I'm just trying to work out whether this is a viable option going forward (specifically for yubikey authentication, in place of using a PAM module)
I notice that the README file says that you will need:
b. A plugin for your auth server, that talks to otpd. You can download plugins from the TRI-D Systems web site, or write your own. Your authentication server software vendor might also supply plugins for otpd.
But if their site has gone away, that means it's probably not very useful :-(
Regards,
Brian.
Hi, I tried OTP for FreeRADIUS and found mtop that implements RFC 6238 most promising. I described the setup here: https://sys4.de/en/blog/2013/03/16/otp-freeradius Greetings, Michael Schwartzkopff -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64, +49 (162) 165 0044 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
On 13 Mar 2014, at 12:32, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
I'm just trying to work out whether this is a viable option going forward (specifically for yubikey authentication, in place of using a PAM module)
upgrade and use the native yubikey module?
Yes, that would make the most sense in this instance. It can work with Yubico's servers using their web API or do local decrypt and validation, or both. Happy to offer assistance if you run into issues or don't understand how part of it works. If you don't want to upgrade your main servers you could always just run one version 3.0.x server and proxy to it. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
Brian Candler wrote:
I notice that raddb/mods-available/otp has a link to
<http://www.tri-dsystems.com/>
That domain is broken - there are REFUSED responses from both their nameservers.
They got bought by RedHat.
If they have gone out of business, perhaps the file should link to this fork instead? https://code.google.com/p/otpd/ That hasn't had a release since Nov 2009, although SVN has commits from Sep 2012.
I don't like referencing unsupported software.
I'm just trying to work out whether this is a viable option going forward (specifically for yubikey authentication, in place of using a PAM module)
I notice that the README file says that you will need:
b. A plugin for your auth server, that talks to otpd. You can download plugins from the TRI-D Systems web site, or write your own. Your authentication server software vendor might also supply plugins for otpd.
But if their site has gone away, that means it's probably not very useful :-(
I think it's time to remove rlm_otp from v3. It's not supported, no one uses it, and the code is pretty horrific. Alan DeKok.
participants (5)
-
A.L.M.Buxey@lboro.ac.uk -
Alan DeKok -
Arran Cudbard-Bell -
Brian Candler -
Michael Schwartzkopff