patch files for pam_radius - adding an 'Always Prompt' option for?one-time passcodes
Alexander Clouter
alex at digriz.org.uk
Thu Jun 30 17:51:36 CEST 2011
Nick Owen <nowen at wikidsystems.com> wrote:
>
> We recently had a customer that wanted to check a password against AD
> via kerberos and then an one-time passcode against a WiKID Strong
> Authentication server via radius. We found that PAM passed the AD
> password to our OTP server, which failed. We have added a pam option
> "always prompt" in the attached code. This will force a "WiKID
> passcode:" prompt regardless of any previous password entry. This can
> be changed, of course.
>
Better to lead with the OTP as then you fend off brute force and
dictionary attacks.
Cheers
--
Alexander Clouter
.sigmonster says: If you had any brains, you'd be dangerous.
More information about the Freeradius-Users
mailing list