FreeRADIUS, OpenLDAP password change and RSA SecurID Next-Token-Mode
Alan DeKok
aland at deployingradius.com
Tue Dec 4 13:43:04 CET 2018
On Dec 4, 2018, at 7:37 AM, michael böhm <ksk2 at gmx.net> wrote:
> Is my elsif(State ...)-statement a robust way to check if this packet
> belongs to a challenge-response of this exact user?
It's:
a) the user specified in the User-Name, and
b) a response to a previous Access-Challenge.
> I want to avoid
> situations where a user might be able to authenticate with just a Token
> and no password.
Unless the user controls the RADIUS client, they can't generate an Access-Request that contains a State attribute.
> We are testing the configuration now. Thank you very much for your
> help!
You're welcome.
Alan DeKok.
More information about the Freeradius-Users
mailing list