patch files for pam_radius - adding an 'Always Prompt' option for?one-time passcodes

Alexander Clouter alex at digriz.org.uk
Thu Jun 30 17:51:36 CEST 2011


Nick Owen <nowen at wikidsystems.com> wrote:
> 
> We recently had a customer that wanted to check a password against AD
> via kerberos and then an one-time passcode against a WiKID Strong
> Authentication server via radius.  We found that PAM passed the AD
> password to our OTP server, which failed.  We have added a pam option
> "always prompt" in the attached code.  This will force a "WiKID
> passcode:" prompt regardless of any previous password entry. This can
> be changed, of course.
>
Better to lead with the OTP as then you fend off brute force and 
dictionary attacks.

Cheers

-- 
Alexander Clouter
.sigmonster says: If you had any brains, you'd be dangerous.




More information about the Freeradius-Users mailing list