RADIUS OTP auth with Apache
owen.nick at gmail.com
Thu Apr 13 00:11:27 CEST 2017
Here's the list of apache/two-factor authentication tutorials I have
It's been awhile, tbh. I remember having an issue with mod_auth_radius
and switching to Mod_auth_xradius. IIRC, the issues with
mod_auth_radius have been fixed, but I am not really sure of that. My
issues were around session management, but a bit different than yours.
Now mod_auth_xradius is a bit dated. Anyway, hope it helps in some
On Wed, Apr 12, 2017 at 11:02 AM, Scholz, Dieter <rd-disc at gmx.net> wrote:
> thanks for your fast reply.
>>> - Is there a solution for the cookie not getting deleted when using the
>>> libapache2-mod-auth-radius module?
>> This is a browser problem.
> I used all major Browsers for my tests (Chrome, Firefox, IE). So it's hard
> for me to imagine that the browser is the problem.
>>> - Is there another way to auth against a radius server (or the linotp
>>> server) that works?
>> The problem is the browser and how it handles cookies (especially given
>> that the 'incognito' mode shows it functions correctly. Sort the cookie
>> problem out and the method of how you authenticate (with mod-auth-radius)
>> becomes irrelevant?
>> As such, this problem is better addressed in an Apache mailing list, not
> I scanned the sourcecode of the radius auth module. The cookie and it's type
> is set by the module and you manipulate the validity time using module
> instructions (AuthRadiusCookieValid). So what should Apache do? Manipulate
> the cookie? Sorry, but it seems I do not completly understand your answer.
> Is there somone who is using an Apache/Radius configuration and is willing
> to share the Apache config?
> Regards, Dieter
> List info/subscribe/unsubscribe? See
WiKID Systems, Inc
On-premises Two-Factor Authentication
More information about the Freeradius-Users