google authenticator and commercial otp
Cornelius Kölbel
cornelius.koelbel at netknights.it
Wed Sep 23 19:14:46 CEST 2015
Hello Mike,
you are right that a commercial supplier usually wants to sell his
hardware tokens.
And if he can't sell his hardware tokens he even wants to sell his
smartphone apps. Yes, licenses per smartphone app in the vendor's OTP
backend...
I thought you would stick with otpd, which is rather lightweight.
If rlm_otp will be removed I am now suggesting a new solution for you.
I am into the development of privacyIDEA, which is an open source
project to provide a two factor authentication backend for not only OTP,
but also TiQR, SSH keys, x509, (future) Fido U2F...
It also provides a perl module to be used with FreeRADIUS rlm_perl, so
that you can connect it to the freeradius server.
Take a look here http://privacyidea.org and here
http://privacyidea.readthedocs.org. But it is not as lightweight as
otpd.
Kind regards
Cornelius
On Wednesday, 23.09.2015, at 12:39 -0400, Michael A Hawkins wrote:
> Alan said, "There are a number of commercial ones which work. The
> google authenticator also works."
>
> Commercial means I usually (almost always) can't use my own tokens
> sourced from my own token supplier. I liked it that otpd allowed me to
> source tokens from wherever I wanted. All I needed was a supplier with a
> cost effective token and a supplier willing to supply me with the seeds
> too. Commercial suppliers usually lock you into their tokens, their
> servers, their solution or all of the above.
>
> google authenticator doesn't fit in my wallet. I've always believed that
> the least likely item to be lost or misplaced by a user is their own
> wallet. Cell phones, not so much. A user's wallet contains stuff that is
> far more important than a cell phone. Cell phones get lost, stolen far
> more often than wallets.
>
> If rlm_otp is to be removed, against which module would I rewrite otpd
> so that it could continue to work with freeradius? From googling, it
> looks like a lot of other otpd solutions out there use a perl module to
> interact with freeradius. Is that the only way? Is there a better way?
>
> Thanks again,
>
> Mike
--
Cornelius Kölbel
cornelius.koelbel at netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Managing Director: Cornelius Kölbel