MOTP with freeradius
Gaston Bougie
gaston.bougie at gmail.com
Fri Aug 31 19:59:41 CEST 2007
Hi Gents,
I've configured successfully MOTP with xtradius.
This way I can do a otp check with a password generated on my mobile
(with a java script).
see http://motp.sourceforge.net for more information
Now I would like to build this functionality with freeradius.
I've read that Exec-Program-Wait is ending so I would like to follow
procedures and start with rlm_exec.
I've read information about it, but find it very poor documented on
the freeradius site, so I hope that someone else also
bumped in to this startup, or maybe implementation of otpverify.
First my setup worked with this user config file, and some other to
declare some options:
---------------------------
DEFAULT Auth-Type = External
Exec-Program-Wait = "/usr/local/bin/otpverify.sh %u %w %S %P
%O",
Fall-Through = Yes
#
# Users
#
test1
Secret = 34963495834,
PIN = 1234,
Offset = 3600
---------------------------
there was also a execparams file which contained the options for
otpverify
---------------------------
User-Name u
Password w
Secret S
PIN P
Offset O
---------------------------
I understand that I must configure something like in the radiusd.conf :
---------------------------
modules {
exec otpverify {
wait = yes
program = "/usr/local/bin/otpverify.sh %u %w %S %P %O"
input_pairs = request
output_pairs = reply
}
}
---------------------------
I think that I miss the basic info, being stuck in the basic points of:
- How do I handle the options needed for otpverify.sh (username /
password / secret / PIN / offset)
- How to call this script for a user
Regards,
Gaston
More information about the Freeradius-Users
mailing list