AW: google authenticator and commercial otp
In a few months you may use OTPme (http://www.otpme.org). The current version does not support OATH tokens but the next version will. I successfully tested HOTP and TOTP tokens like the yubikey or google authenticator. Freeradius integration is done via rlm_python. If you want to keep otpd and want to write your own freeradius module you may have a look at the otpme module. It should be a good starting point. Regards the2nd <div>-------- Ursprüngliche Nachricht --------</div><div>Von: Michael A Hawkins <mhawkins.consultant@gmail.com> </div><div>Datum:09.23.2015 18:39 (GMT+01:00) </div><div>An: freeradius-users@lists.freeradius.org </div><div>Betreff: google authenticator and commercial otp </div><div> </div>Alan said, "There are a number of commercial ones which work. The google authenticator also works." Commercial means I usually (almost always) can't use my own tokens sourced from my own token supplier. I liked it that otpd allowed me to source tokens from wherever I wanted. All I needed was a supplier with a cost effective token and a supplier willing to supply me with the seeds too. Commercial suppliers usually lock you into their tokens, their servers, their solution or all of the above. google authenticator doesn't fit in my wallet. I've always believed that the least likely item to be lost or misplaced by a user is their own wallet. Cell phones, not so much. A users wallet contains stuff that is far more important than a cell phone. Cell phones get lost, stolen far more often than wallets. If rlm_otp is to be removed. Against which module would I rewrite otpd so that it could continue to work with freeradius? From googling, it looks like alot of other otpd solutions out there use a perl module to interact with freeradius. Is that the only way? Is there a better way? Thanks again, Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
google authenticator doesn't fit in my wallet. I've always believed that the least likely item to be lost or misplaced by a user is their own wallet. Cell phones, not so much. A users wallet contains stuff that is far more important than a cell phone. Cell phones get lost, stolen far more often than wallets.
my wallet contains some cash and some bank cards (which can be cancelled and new ones provided within 24 hours....) . my phone, however, contains contacts, my means of contacting people, my 2 factor authentication stuff for online things and recent unbacked up photos of my loved ones. password protected and encrypted though. I know which of those I look after more these days ;-) alan
Hi Alan, this is why you should pick a solution like privacyIDEA where you can choose amongst or combine different authentication devices like the smartphone and OTP cards, which fit into the wallet or even devices where you can generate the secret key on yourself like the Yubikey or the eToken NG OTP. Thus you can decide which is the most reliable authenticator in this situation. Kind regards Cornelius Am Mittwoch, den 23.09.2015, 18:34 +0000 schrieb A.L.M.Buxey@lboro.ac.uk:
Hi,
google authenticator doesn't fit in my wallet. I've always believed that the least likely item to be lost or misplaced by a user is their own wallet. Cell phones, not so much. A users wallet contains stuff that is far more important than a cell phone. Cell phones get lost, stolen far more often than wallets.
my wallet contains some cash and some bank cards (which can be cancelled and new ones provided within 24 hours....) . my phone, however, contains contacts, my means of contacting people, my 2 factor authentication stuff for online things and recent unbacked up photos of my loved ones. password protected and encrypted though.
I know which of those I look after more these days ;-)
alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Cornelius Kölbel cornelius.koelbel@netknights.it +49 151 2960 1417 NetKnights GmbH http://www.netknights.it Landgraf-Karl-Str. 19, 34131 Kassel, Germany Tel: +49 561 3166797, Fax: +49 561 3166798 Amtsgericht Kassel, HRB 16405 Geschäftsführer: Cornelius Kölbel
participants (3)
-
A.L.M.Buxey@lboro.ac.uk -
Cornelius Kölbel -
the2nd