freeradius and yubikeys

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri May 9 15:52:33 CEST 2014


On 9 May 2014, at 14:42, Frederic Van Espen <frederic.ve at gmail.com> wrote:

> On Fri, May 9, 2014 at 2:32 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>> Oops. It's more like
>> 
>> authorize {
>> # 44 is OTP len + ID Len
>> if (User-Password =~ /^(.*)([cbdefghijklnrtuv]{44})$/) {
>>        update request {
>>                User-Password = "%{2}"
>>        }
>>        yubikey.authenticate
> 
> Perfect! That was the missing bit! Thank you sir!

nice!

> It is now authenticating the yubikey OTP. Afterwards it fetches the
> crypt password from ldap which is then verified using PAP in the
> authenticate section.

I've fixed it in v3.0.x HEAD (which will become 3.0.3 very soon) so that
it just works. If you could test it'd be very much appreciated :)

For your setup with LDAP and crypt, it'd be something like:
authorize {
	yubikey
	ldap
}

authenticate {
	Auth-Type yubikey {
		yubikey
		pap
	}
}

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
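
The split performed by the regex quoted above, as an added Python example that is not part of the original message or of FreeRADIUS. It assumes the default Yubico OTP layout of a 12-character public ID followed by a 32-character token (44 modhex characters in total); the function names and sample values are constructed for illustration.

```python
import re

MODHEX = "cbdefghijklnrtuv"      # modhex character at index i encodes hex digit i
ID_LEN, TOKEN_LEN = 12, 32       # assumed default layout: 12 + 32 = 44
# Python equivalent of the unlang pattern in the thread; fullmatch() supplies ^ and $.
SPLIT_RE = re.compile(r"(.*)([cbdefghijklnrtuv]{44})")

def modhex_decode(text):
    """Decode a modhex string to raw bytes."""
    return bytes.fromhex("".join("%x" % MODHEX.index(c) for c in text))

def split_password(user_password):
    """Return (static_password, public_id, otp), or None when the value
    does not end in 44 modhex characters."""
    m = SPLIT_RE.fullmatch(user_password)
    if m is None:
        return None
    static, otp = m.group(1), m.group(2)
    return static, otp[:ID_LEN], otp

# Constructed sample values, not taken from a real token.
SAMPLE_ID = "ccccccbdefgh"
SAMPLE_OTP = SAMPLE_ID + "ijklnrtuvcbdefgh" * 2

if __name__ == "__main__":
    cases = [
        "hunter2" + SAMPLE_OTP,     # static password followed by OTP
        SAMPLE_OTP,                 # OTP only: static part is empty
        "secretcbd" + SAMPLE_OTP,   # password that itself ends in modhex letters
        "hunter2" + SAMPLE_OTP[1:], # only 43 modhex characters: no match
        SAMPLE_OTP.upper(),         # uppercase is outside the character class
    ]
    for value in cases:
        result = split_password(value)
        if result is None:
            print("no OTP suffix:", repr(value[:16]))
        else:
            static, public_id, otp = result
            print(repr(static), public_id, modhex_decode(public_id).hex())
```

The split is always taken 44 characters from the end, so a static password ending in modhex letters is still separated correctly, and an OTP submitted alone yields an empty static part that the caller has to decide how to treat.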
