freeradius OTP with OATH
Thomas Glanzmann
thomas at glanzmann.de
Fri Sep 7 18:20:41 CEST 2012
Hello Henk,
> I've looked closely at your video and accomplishment with smsotp,
> congrats!
Thank you. However, the video shows something that is outdated. I have now
written a Perl module for rlm_perl which does it much better without all
the moving parts.
> Did you also have a look at OATH TOTP instead of SMS authentication?
> This is an RFC (http://tools.ietf.org/html/rfc6238) as you may know. A
> user installs an app on their phone which implements this RFC (e.g.
> Google Authenticator) and it acts as a soft token.
I did and evaluated it together with RADIUS.
> I've got this running with freeradius and the google authenticator PAM
> module. The downside of PAM is the lack of challenge-access and
> response support (AFAIK).
If you want a challenge-response integration, where the user first needs
to authenticate with username and password and then gets a challenge and
needs to answer with a response, that is possible. You could also tweak
it so that you leave the first step out.
Just have a look at the rlm_perl implementation in
http://thomas.glanzmann.de/smsotpd.2012-08-16.tar.bz2
> Do you know of anything that supports OATH and TOTP natively with
> freeradius and can be used with the access-challenge/response system
> (or am I wrong about PAM not supporting that feature)?
I think there was a module, but I don't recall, maybe ask the FreeRadius
List, or grep in the modules directory. I take it on CC.
Cheers,
Thomas
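
The two-step flow discussed in this message (password first, then a challenge answered with an RFC 6238 code), as an added example that is not part of the original post and is not taken from smsotpd or any FreeRADIUS module. The names TwoStepAuth, step1, step2, pw_hash and sample_users are hypothetical, the user data is constructed, and the RADIUS packet types appear only as strings; no RADIUS I/O is done.

```python
import hashlib, hmac, secrets, struct

STEP = 30  # seconds per time step (RFC 6238 default)

def totp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP value for one RFC 6238 time-step counter (HMAC-SHA1)."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def sample_users():
    # Constructed sample data; the key is the RFC 6238 Appendix B SHA-1 seed.
    salt = b"constructed-salt"
    return {"henk": {"salt": salt, "pw": pw_hash("correct horse", salt),
                     "key": b"12345678901234567890", "last": -1}}

class TwoStepAuth:
    """Hypothetical model: password first, then a challenge answered by TOTP."""
    def __init__(self, users):
        self.users, self.pending = users, {}  # pending: State -> user name

    def step1(self, name, password):
        user = self.users.get(name)
        if not user or not hmac.compare_digest(pw_hash(password, user["salt"]), user["pw"]):
            return ("Access-Reject", None)
        state = secrets.token_hex(16)  # client must echo this back
        self.pending[state] = name
        return ("Access-Challenge", state)

    def step2(self, state, code, now, window=1):
        name = self.pending.pop(state, None)  # each State is single use
        if name is None:
            return "Access-Reject"
        user, current = self.users[name], int(now) // STEP
        for counter in range(max(0, current - window), current + window + 1):
            good = totp(user["key"], counter).encode()
            if counter > user["last"] and hmac.compare_digest(good, code.encode()):
                user["last"] = counter  # a code cannot be replayed
                return "Access-Accept"
        return "Access-Reject"
```

The window of one step on either side tolerates clock drift on the phone, and the stored last counter is what stops a code observed in transit from being accepted a second time.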