FreeRADIUS with custom multi-factor authentication
Eero Volotinen
eero.volotinen at iki.fi
Wed Feb 13 17:37:33 CET 2019
Hi,
Check this out: https://wiki.freeradius.org/modules/Rlm_smsotp
Eero
On Wed, Feb 13, 2019 at 6:16 PM Clint Lord <clint at voodoocube.com> wrote:
> We are evaluating FreeRADIUS as a possible solution but we have a very
> specific authentication workflow and aren’t sure if FreeRADIUS will fit our
> needs. We’ve searched the documentation for insights into how we might
> accomplish our goals, but haven’t seen anything that quite matches up.
>
> Here is our workflow:
>
> 1. The user enters their username and password.
> 2. The system calls a web service to validate the username and password.
> 3. If the username and password are valid, and the user’s account has MFA
>    enabled:
>    a. The MFA method is executed (ex. OTP is sent via SMS message)
>    b. The system sends the user a message asking them to enter the
>       OTP and allows them to submit the value.
>    c. The system validates their response by calling another web
>       service.
>    d. If the response is invalid the system sends another message
>       informing them of the failure and allows them to respond again (a few
>       times).
>
> All of the account data, username/password authentication and MFA
> processing is done behind web services, we just need FreeRADIUS to allow us
> to go through the multiple request and response steps as we call these web
> services.
>
> We thought we might be able to use rlm_python or rlm_perl to accomplish
> this, but we are only seeing simple “func_authenticate” implementations and
> can’t see how we can facilitate this back and forth communication with the
> user.
>
> All we are asking are some pointers or general guidance so we can continue
> our research and determine if FreeRADIUS will meet our needs.
>
> Thank you for any insights, guidance, links that might help.
>
>
> Clint Lord
> The Voodoo Cube
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
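
The workflow in the quoted question maps onto the RADIUS Access-Challenge exchange (RFC 2865): the server answers with Access-Challenge carrying Reply-Message and State, and the client echoes State together with the user's answer in the next Access-Request. The Python model of that exchange below is an added example, not part of either post and not FreeRADIUS or rlm_python code; `handle`, `FakeService` and its methods, the retry cap and the timeout are all assumptions.

```python
import secrets
import time

MAX_TRIES = 3   # "a few times" in the workflow; value assumed
TTL = 120       # seconds a challenge stays answerable; value assumed
_pending = {}   # State -> (user, wrong answers so far, expiry); in-memory for the demo

class FakeService:
    """Constructed stand-in for the poster's web services (hypothetical API)."""
    def __init__(self):
        self.sent = []
    def check_password(self, user, pw):
        return (user, pw) == ("alice", "hunter2")
    def mfa_enabled(self, user):
        return True
    def send_otp(self, user):
        self.sent.append(user)
    def check_otp(self, user, code):
        return code == "493817"

def _challenge(user, tries, now, text):
    state = secrets.token_hex(16)            # unguessable, carries no data itself
    _pending[state] = (user, tries, now + TTL)
    return "Access-Challenge", {"Reply-Message": text, "State": state}

def handle(req, svc, now=None):
    """Model one Access-Request; returns (packet type, reply attributes)."""
    now = time.time() if now is None else now
    user, answer = req["User-Name"], req["User-Password"]
    if "State" not in req:                   # steps 1-2: first request carries the password
        if not svc.check_password(user, answer):
            return "Access-Reject", {}
        if not svc.mfa_enabled(user):
            return "Access-Accept", {}
        svc.send_otp(user)                   # step 3a
        return _challenge(user, 0, now, "Enter the code we sent you")   # step 3b
    # pop() makes each State single-use, so a captured value cannot be replayed
    owner, tries, expires = _pending.pop(req["State"], (None, 0, 0))
    if owner != user or now > expires:
        return "Access-Reject", {}
    if svc.check_otp(user, answer):          # step 3c
        return "Access-Accept", {}
    if tries + 1 >= MAX_TRIES:               # step 3d, bounded
        return "Access-Reject", {"Reply-Message": "Too many wrong codes"}
    return _challenge(user, tries + 1, now, "Wrong code, try again")
```

The retry cap here applies per challenge; a per-account limit belongs in the OTP web service, since a client that knows the password can start a fresh exchange.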