freeradius and yubikeys

Arran Cudbard-Bell a.cudbardb at
Thu May 8 22:33:02 CEST 2014

On 8 May 2014, at 20:43, Frederic Van Espen < at> wrote:

> On Thu, May 8, 2014 at 3:28 PM, Frederic Van Espen
> < at> wrote:
>> Hello Arran,
>> On Thu, May 8, 2014 at 2:58 PM, Arran Cudbard-Bell
>> <a.cudbardb at> wrote:
>>>> - How are you verifying the OTP's? through PAM or through another module?
>>> How about the rlm_yubikey module, which does both local auth and
>>> auth against a yubico server?
>> As I understood, this one is only available in FreeRADIUS 3.0. I'm
>> currently running 2.1.12 that's included in debian wheezy. If it is
>> not available (yet) for FreeRADIUS 2.1.12, do you think it would be
>> possible/difficult to port it?
>> I'm currently trying out the one by yubico based on rlm_perl. Only,
>> with the current configuration I'm not sure how the normal password
>> can be verfied to our ldap server.
> I figured out how to verify the normal user password, however, the
> question about the rlm_yubikey module still stands :-)

2.2.x is feature frozen. rlm_yubikey also relies on the connection pool
API which is only in 3.0.x which relies on talloc, and other API changes,
so the short answer is no to both...

But why stick with the OS packages? Just do a make deb and you've rolled
your own.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list