freeradius and yubikeys
Frederic Van Espen
frederic.ve at gmail.com
Sun May 11 10:01:41 CEST 2014
On Sat, May 10, 2014 at 8:01 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
>
> Good catch. Half the original auth code got the passcode from char *passcode, and the other used VALUE_PAIR *request->password *sigh*. Ok, all uses passcode now, should work.
Confirmed working fine now :)
>
> You know you can do the decryption locally right? You don't need to use their servers. The module didn't even have support for ykclient until they grumbled about it.
>
> You can put the shared keys in LDAP as well, you just need to figure out a place to stick the replay counters.
>
I do know :) I'm currently just trying to set up a small prototype,
but admittedly, I haven't done all that much research yet on how to
make things run locally. But I'm really going to use all this in
production, that's certainly the way we'll go.
Thanks a bunch for all your efforts!
Frederic
More information about the Freeradius-Users
mailing list