Freeradius and 2 Factor Authentication

Cornelius Kölbel cornelius.koelbel at netknights.it
Thu Jun 2 22:33:00 CEST 2016


On Thursday, 02.06.2016, at 15:58 -0400, Arran Cudbard-Bell wrote:

> > We actually have a commercial OTP solution via SafeNet, but it's a bit long in the tooth and also only supports PAP.  However, I opened a ticket today and their newer versions actually support MSChapv2 so that might be the way to go if converting our token licenses isn't too ridiculous in cost.
> 
> Anything that'll give you the plaintext password from the OTP server back will work with MSCHAPv2.

The OTP server could return the plain text OTP password. But this is
only the 2nd factor. It will not return the LDAP user password, which is
the 1st factor.

So in a setup where you have two steps of authentication, this will work.
But often the password and OTP are entered in conjunction. This will
fail.

Kind regards
Cornelius

> 
> -Arran

-- 
Cornelius Kölbel
cornelius.koelbel at netknights.it
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Kassel District Court (Amtsgericht Kassel), HRB 16405
Managing Director: Cornelius Kölbel

