2 Factor Authetication and EAP-GTC

[Cornelius Kölbel]

Hi Carl,
This heavily depends on your OTP backend.
The problem arises when the OTP is not passed to the radius server, which is the case with all challenge response protocols. Then the backend can not easily predict, which OTP value the user has entered--- due to time drifts (time based) or blank presses (event based). I.e. such backend should check with a bunch of acceptable OTP values.  And this means you need a freeradius module that is capable of communicating with the OTP backend in the right way. 
Kind regards
Cornelius 



Am 09.07.2012 um 07:07 schrieb Carl Pierre <carl.e.pierre at gmail.com>:

> Hello:
> 
> I have recently been made a part of a project in which we intend to use freeradius.
> So far, FR seems to be the ideal tool except for one small issue: 2-Factor Authentication.
>  
> Try as I might, I cannot seem to find any way to set up a multi-factor solution using PEAP.
> So I suppose my question is this: has anyone had any luck using EAP and challenging the 
> user to enter some sort of OTP? I know that EAP-GTC is meant to do this, but the meager
> documentation I have on it does not give too much detail.
> 
> Regards
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html