Nick Owen <no...@wikidsystems.com> wrote: > > We recently had a customer that wanted to check a password against AD > via kerberos and then an one-time passcode against a WiKID Strong > Authentication server via radius. We found that PAM passed the AD > password to our OTP server, which failed. We have added a pam option > "always prompt" in the attached code. This will force a "WiKID > passcode:" prompt regardless of any previous password entry. This can > be changed, of course. > Better to lead with the OTP as then you fend off brute force and dictionary attacks.
Cheers -- Alexander Clouter .sigmonster says: If you had any brains, you'd be dangerous. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html