Freeradius and 2 Factor Authentication

Phil Mayers p.mayers at imperial.ac.uk
Mon Jun 13 13:59:42 CEST 2016


On 13/06/2016 12:18, Cornelius K├Âlbel wrote:

>> In reality, cost and vendor support for our most exposed apps (Office
>> 365, web-based SAML/Shibboleth auth) will matter hugely.
>
> Oups, we left the RADIUS track. ;-)

Kind of. I see a RADIUS backend as a perfectly acceptable way of 
integrating multiple token types; either by having one backend isolate 
the token-type details from the frontends, or having multiple backends 
behind a proxy that knows which user goes to which backend.

So I think RADIUS is a hugely useful tool for doing OTP.

This doesn't mean standards like TOTP and HOTP aren't important as well; 
they're complementary, not contradictory.

> Are you bound to a certain IdP like ADFS? Have you implemented

That's a complicated question. Like a lot of enterprises we have 
multiple paths to authenticate, some legacy, some newer, and a mix of 
web- and other protocols.

Since it's not RADIUS related, I won't go into it here, but thanks for 
the pointers.


More information about the Freeradius-Users mailing list