Freeradius and 2 Factor Authentication
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Jun 3 15:28:20 CEST 2016
> On 3 Jun 2016, at 05:47, Stefan Paetow <Stefan.Paetow at jisc.ac.uk> wrote:
>
>> We actually have a commercial OTP solution via SafeNet, but it's a bit long in the tooth and also only supports PAP. However, I opened a ticket today and their newer versions actually support MSChapv2 so that might be the way to go if converting our token licenses isn't too ridiculous in cost.
>
> It may not be useful yet in this respect, but we've strongly encouraged Safenet to move to FR 3 on their solution (their custom rlm_* module) to allow them to take advantage of newer developments.
Just get them to expose a REST API.
There's very little point in having a C module for something as ephemeral as an OTP solution.
The only exceptions are RSA, because they're so inflexible the only way to do anything is with their magic protocol.
Yubikey, because validation can be performed on the server itself, so there's a real advantage to having a local native C module.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160603/4cef1c0b/attachment.sig>
More information about the Freeradius-Users
mailing list