Freeradius as a PIN server?

Nick Owen nowen at wikidsystems.com
Wed Dec 14 15:30:29 CET 2011


On Wed, Dec 14, 2011 at 5:39 AM, Sušnik Rudolf <Rudolf.Susnik at telekom.si> wrote:
> Perhaps you may want delivering PIN to user's cellular over SMS. Anyway Freeradius seems not to be enough, at least you would need some external database and web server - both for creating and storing PINs. I did the task using FR, Apache and MySql. As I see, my concept is quite similar to Nick's one.
>
> Regards, Rudolf.

If you are considering SMS for authentication, I suggest you consider
the risks involved. The carriers are in no way incented to secure user
accounts or SMS.  It might be fine for many non-critical uses and is
better than just a static password, but if you really need strong
authentication, you won't get that from SMS.  My latest rant and a
listing of examples of SMS breachs:
http://www.wikidsystems.com/WiKIDBlog/fraudsters-defeat-poor-risk-management-not-two-factor-authentication

Sorry to be off-topic...

nick


>
> -----Original Message-----
> From: freeradius-users-bounces+rudolf.susnik=telekom.si at lists.freeradius.org [mailto:freeradius-users-bounces+rudolf.susnik=telekom.si at lists.freeradius.org] On Behalf Of Nick Owen
> Sent: Tuesday, December 13, 2011 6:58 PM
> To: FreeRadius users mailing list
> Subject: Re: Freeradius as a PIN server?
>
> On Tue, Dec 13, 2011 at 11:07 AM, Peter Moreton <Peter.Moreton at cbi.org.uk> wrote:
>> Sorry for the newbie question, but, quite simply, could Freeradius be
>> configured to provide a simple 'PIN Server' ? - I want users to be
>> able to choose a 4 digit PIN, and then have Freeradius validate Logon
>> requests using the username/PIN combination (in addition to some
>> separate LDAP
>> authentication)
>>
>>
>>
>> Really, I am looking to build a lightweight 2-factor authentication
>> system, without the expense of RSA SecurID or similar.
>
> I'm afraid knowledge of a PIN and knowledge of a password is not two-factor authentication, it is just more of a one-factor authentication.
>
> Feel free to use our open-source two-factor authentication system:
> http://www.wikidsystems.com/community-version.  If someone wants to contribute a freeradius rlm module using one of our api packages, we would greatly appreciate it:
> http://www.wikidsystems.com/downloads/network-clients
>
> Nick
>
> --
> --
> Nick Owen
> WiKID Systems, Inc.
> 404.962.8983
> http://www.wikidsystems.com
> Commercial/Open Source Two-Factor Authentication
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



-- 
--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication




More information about the Freeradius-Users mailing list