Freeradius and 2 Factor Authentication

Arran Cudbard-Bell a.cudbardb at
Fri Jun 3 15:28:20 CEST 2016

> On 3 Jun 2016, at 05:47, Stefan Paetow <Stefan.Paetow at> wrote:
>> We actually have a commercial OTP solution via SafeNet, but it's a bit long in the tooth and also only supports PAP.  However, I opened a ticket today and their newer versions actually support MSChapv2 so that might be the way to go if converting our token licenses isn't too ridiculous in cost.
> It may not be useful yet in this respect, but we've strongly encouraged Safenet to move to FR 3 on their solution (their custom rlm_* module) to allow them to take advantage of newer developments.

Just get them to expose a REST API.

There's very little point in having a C module for something as ephemeral as an OTP solution.

The only exceptions are RSA, because they're so inflexible the only way to do anything is with their magic protocol.

Yubikey, because validation can be performed on the server itself, so there's a real advantage to having a local native C module.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list