Freeradius second auth factor
Alan DeKok
aland at deployingradius.com
Fri Dec 20 17:12:59 CET 2019
On Dec 20, 2019, at 8:48 AM, Anton Kiryushkin <swood at fotofor.biz> wrote:
> Nice to get an answer from you.
> The First factor is password stored in DB.
> Second is SMS.
>
> No, it is not for wifi; it is for VPN.
OK, that's good.
> As far as I understand, Cisco ASA
> sends the request to the radius with the final data: login, password,
> OTP-code.
How? That matters.
Usually, people use login name, and then take the 6 digit OTP, and add it to the password, e.g.
User-Name = "bob"
User-Password = "123456my_secret_password"
> The only possible way to auth with the OTP is to generate it via
> phone application like Google Authenticator.
> My question is, does it possible to send an SMS instead of using the
> application.
FreeRADIUS doesn't send SMSs directly. It has to use a third-party application to send SMSs.
Alan DeKok.
More information about the Freeradius-Users
mailing list