RADIUS OTP auth with Apache

Nick Owen owen.nick at gmail.com
Thu Apr 13 00:11:27 CEST 2017


Here's the list of apache/two-factor authentication tutorials I have
written: https://www.wikidsystems.com/support/how-to/keyword/apache/.
It's been awhile, tbh. I remember having an issue with mod_auth_radius
and switching to Mod_auth_xradius.  IIRC, the issues with
mod_auth_radius have been fixed, but I am not really sure of that. My
issues were around session management, but a bit different than yours.
Now mod_auth_xradius is a bit dated.  Anyway, hope it helps in some


On Wed, Apr 12, 2017 at 11:02 AM, Scholz, Dieter <rd-disc at gmx.net> wrote:
> Hello,
> thanks for your fast reply.
>>> - Is there a solution for the cookie not getting deleted when using the
>>> libapache2-mod-auth-radius module?
>> This is a browser problem.
> I used all major Browsers for my tests (Chrome, Firefox, IE). So it's hard
> for me to imagine that the browser is the problem.
>>> - Is there another way to auth against a radius server (or the linotp
>>> server) that works?
>> The problem is the browser and how it handles cookies (especially given
>> that the 'incognito' mode shows it functions correctly. Sort the cookie
>> problem out and the method of how you authenticate (with mod-auth-radius)
>> becomes irrelevant?
>> As such, this problem is better addressed in an Apache mailing list, not
>> here.
> I scanned the sourcecode of the radius auth module. The cookie and it's type
> is set by the module and you manipulate the validity time using module
> instructions (AuthRadiusCookieValid). So what should Apache do? Manipulate
> the cookie? Sorry, but it seems I do not completly understand your answer.
> Is there somone who is using an Apache/Radius configuration and is willing
> to share the Apache config?
> Regards, Dieter
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

Nick Owen
WiKID Systems, Inc
On-premises Two-Factor Authentication

More information about the Freeradius-Users mailing list