FreeRADIUS with custom multi-factor authentication
eero.volotinen at iki.fi
Wed Feb 13 17:37:33 CET 2019
Check this out: https://wiki.freeradius.org/modules/Rlm_smsotp
On Wed, Feb 13, 2019 at 6:16 PM Clint Lord <clint at voodoocube.com> wrote:
> We are evaluating FreeRADIUS as a possible solution but we have a very
> specific authentication workflow and aren’t sure if FreeRADIUS will fit our
> needs. We’ve searched the documentation for insights into how we might
> accomplish our goals, but haven’t seen anything that quite matches up.
> Here is our workflow:
> 1. The user enters their username and password.
> 2. The system calls a web service to validate the username and password.
> 3. If the username and password are valid, and the user’s account has MFA
> a. The MFA method is executed (ex. OTP is sent via SMS message)
> b. The system sends the user a message asking them to enter the
> OTP and allows them to submit the value.
> c. The system validates their response by calling another web
> d. If the response is invalid the system sends another message
> informing them of the failure and allows them to respond again (a few
> All of the account data, username/password authentication and MFA
> processing is done behind web services, we just need FreeRADIUS to allow us
> to go through the multiple request and response steps as we call these web
> We thought we might be able to use rlm_python or rlm_perl to accomplish
> this, but we are only seeing simple “func_authenticate” implementations and
> can’t see how we can facilitate this back and forth communication with the
> All we are asking are some pointers or general guidance so we can continue
> our research and determine if FreeRADIUS will meet our needs.
> Thank you for any insights, guidance, links that might help.
> Clint Lord
> The Voodoo Cube
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users