Using Exec-Program-Wait for MOTP (mobile OTP) with MSCHAPv2
Markus Gaugusch
markus at gaugusch.at
Fri Feb 13 19:40:00 CET 2009
On Feb 13, Fabiano <fabiano at powerpc.ch> wrote:
> Hello,
>
> Does anyone know where I can find some information on how to use the
> following in freeradius ?
> I have an external shell script which awaits arguments (username, clear
> password, and other arguments) and returns an answer for validation.
> The problem is that I cannot find any lead on how to do this while using
> MSCHAPv2...
> And I am not sure how to do this with Exec-Program-Wait.
Hi Fabiano!
I'm using mobile otp, but I use pam and not the shell script. (In fact,
the shell script has some security issues which I found out a few days
ago. Especially, it does not do the "one time" check correctly, because a
token code can be reused until it expires!.
To enable pam, I just wrote "pam" into the authenticate section, that's
it. (and of course have a proper /etc/pam.d/radiusd file)
Markus
More information about the Freeradius-Users
mailing list