two-factor authentication

Alan DeKok aland at deployingradius.com
Tue Oct 6 07:48:57 CEST 2009


David Jones wrote:
> Is there anyone on the list who has an actual working example of two factor authentication coded in perl using rlm_perl they would be willing to share?

  Most people use pre-existing authentication methods.  So there isn't
much in the way of example code.

> There are a number of incomplete examples, and some hints as to errors in them, and I've taken all this on board and as a result can pass the challenge response back to the NAS.  What I'm having difficulty with is keeping state, so I can determine if an Authorize request is the first hit (real password) or the second (the second factor).

  That's what the State attribute is for.  See src/modules/rlm_example.
 An Access-Request without a State is the first one.  Then, you reply
with a State in the challenge.  The next Access-Request for the same
user comes in with the State.

  Storing the State is up to you.  The rest of the server stores it in
memory.  It should be pretty trivial for you to use the Perl modules to
store it in a file, DB, etc.

  Alan DeKok.
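
The State handling described in the reply above, sketched as an added example; it is not code from the post or from the FreeRADIUS tree. It assumes rlm_perl's %RAD_REQUEST, %RAD_REPLY and %RAD_CHECK hashes, that a challenge is sent by setting Response-Packet-Type and returning "handled", and that State is seen as 0x-prefixed hex; the credentials, the 120-second lifetime and the in-memory hash (a stand-in for the file or DB store) are constructed.

```perl
use strict;
use warnings;

# rlm_perl fills these hashes; declared here so the file also runs stand-alone.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);
use constant { RLM_MODULE_REJECT => 0, RLM_MODULE_OK => 2, RLM_MODULE_HANDLED => 3 };

my %pending;     # State -> { user, expires }; stand-in for the file or DB store
my $TTL = 120;   # seconds a challenge stays answerable (assumed value)

# Hypothetical verifiers with constructed credentials; replace with real lookups.
sub check_password { my ($u, $p) = @_; return $u eq 'alice' && $p eq 'correct-horse' }
sub check_token    { my ($u, $t) = @_; return $u eq 'alice' && $t eq '492817' }

sub new_state {  # 16 random bytes, written as 0x-prefixed hex (octets notation)
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $buf, 16) == 16 or die 'short read from urandom';
    close $fh;
    return '0x' . unpack('H*', $buf);
}

sub authenticate {
    my $user  = $RAD_REQUEST{'User-Name'}     // '';
    my $pass  = $RAD_REQUEST{'User-Password'} // '';  # token code on the second pass
    my $state = $RAD_REQUEST{'State'};

    if (!defined $state) {                       # first pass: real password
        return RLM_MODULE_REJECT unless check_password($user, $pass);
        my $s = new_state();
        $pending{$s} = { user => $user, expires => time + $TTL };
        @RAD_REPLY{'State', 'Reply-Message'} = ($s, 'Enter token code');
        $RAD_CHECK{'Response-Packet-Type'} = 'Access-Challenge';
        return RLM_MODULE_HANDLED;
    }
    my $entry = delete $pending{lc $state};      # second pass: State is single-use
    return RLM_MODULE_REJECT                     # unknown, expired or another user's State
        unless $entry && $entry->{user} eq $user && $entry->{expires} >= time;
    return check_token($user, $pass) ? RLM_MODULE_OK : RLM_MODULE_REJECT;
}

if (@ARGV && $ARGV[0] eq '--demo') {             # constructed two-packet exchange
    %RAD_REQUEST = ('User-Name' => 'alice', 'User-Password' => 'correct-horse');
    print 'pass 1: ', authenticate(), "\n";      # password checked, challenge issued
    my $s = $RAD_REPLY{'State'};
    %RAD_REQUEST = ('User-Name' => 'alice', 'User-Password' => '492817', 'State' => $s);
    print 'pass 2: ', authenticate(), "\n";      # token checked against stored State
    print 'replay: ', authenticate(), "\n";      # same State presented a second time
}
1;
```

Running the file with `--demo` plays the two packets and then a replay of the same State, printing the module return code for each.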


