Freeradius second auth factor
Alan DeKok
aland at deployingradius.com
Fri Dec 20 14:39:31 CET 2019
On Dec 20, 2019, at 6:53 AM, Anton Kiryushkin <swood at fotofor.biz> wrote:
>
> I want to configure the second authorisation factor with EAP-type, and md5
> hashed password saved in MySQL.
> I found several modules and services like MultiOTP and Smsotp, but I can't
> understand how to provide the SMS before the authorisation or how to ask
> FreeRadius to wait for the process sends SMS?
You need to configure a module to send the SMS. How that works depends on how the SMS is sent. And only you know that.
> Could you please explain this to me?
What kind of 2 factor auth do you want to do?
To be honest, the only thing that's going to work is TTLS + PAP. Since passwords are stored in MD5 format in the DB, nothing else will work.
But... if this is for WiFi, users will be *very* unhappy if they have to enter a new OTP every time they switch access points. That's just not going to work.
Alan DeKok.
More information about the Freeradius-Users
mailing list