freeradius and yubikeys
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri May 9 15:52:33 CEST 2014
On 9 May 2014, at 14:42, Frederic Van Espen <frederic.ve at gmail.com> wrote:
> On Fri, May 9, 2014 at 2:32 PM, Arran Cudbard-Bell
> <a.cudbardb at freeradius.org> wrote:
>> Oops. It's more like
>>
>> authorize {
>> # 44 is OTP len + ID Len
>> if (User-Password =~ /^(.*)([cbdefghijklnrtuv]{44})$/) {
>> update request {
>> User-Password = "%{2}"
>> }
>> yubikey.authenticate
>
> Perfect! That was the missing bit! Thank you sir!
nice!
> It is now authenticating the yubikey OTP. Afterwards it fetches the
> crypt password from ldap which is then verify using PAP in the
> authenticate section.
I've fixed it in v3.0.x HEAD (which will become 3.0.3 very soon) so that
it just works. If you could test it'd be very much appreciated :)
For your setup with LDAP and crypt, it'd be something like:
authorize {
yubikey
ldap
}
authenticate {
Auth-Type yubikey {
yubikey
pap
}
}
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140509/38005580/attachment.pgp>
More information about the Freeradius-Users
mailing list