Freeradius and 2 Factor Authentication
Phil Mayers
p.mayers at imperial.ac.uk
Mon Jun 13 13:59:42 CEST 2016
On 13/06/2016 12:18, Cornelius Kölbel wrote:
>> In reality, cost and vendor support for our most exposed apps (Office
>> 365, web-based SAML/Shibboleth auth) will matter hugely.
>
> Oups, we left the RADIUS track. ;-)
Kind of. I see a RADIUS backend as a perfectly acceptable way of
integrating multiple token types; either by having one backend isolate
the token-type details from the frontends, or having multiple backends
behind a proxy that knows which user goes to which backend.
So I think RADIUS is a hugely useful tool for doing OTP.
This doesn't mean standards like TOTP and HOTP aren't important as well;
they're complementary, not contradictory.
> Are you bound to a certain IdP like ADFS? Have you implemented
That's a complicated question. Like a lot of enterprises we have
multiple paths to authenticate, some legacy, some newer, and a mix of
web- and other protocols.
Since it's not RADIUS related, I won't go into it here, but thanks for
the pointers.
More information about the Freeradius-Users
mailing list