Yes, it works this way. But the requirements are for a two phase authentication.
Sent from my iPhone On Jul 8, 2011, at 2:11 AM, "Fajar A. Nugraha" <l...@fajar.net> wrote: > On Fri, Jul 8, 2011 at 10:14 AM, Jamshid Abedi <udptele...@gmail.com> wrote: >> Hello, >> >> I've got Mobile OTP to work with FreeRadius, I'd like to take this one step >> further and turn this into a two phase process. The objective is to first >> take the pin, authenticate that and then communicate to the NAS with a >> challenge to receive the OTP from the user. I think this can be done via an >> access-challenge reply to the NAS. My question is how do I get FreeNAS to >> send an Access-Challenge once it has verified the PIN is correct? If anyone >> can kindly give me some hints or point me in the right direction. > > IMHO the simplest way would be just concatenate them together. e.g. if: > - your pin is 4 digits > - your OTP is 12 digits > - you use PAP > > then you can ask your users to put the 4 digit pin followed by 12 > digit OTP, so the password will be 16 digits. And since you use PAP, > you get User-Password attribute in the request which can easly be > split using unlang/regex into two components, which you can then > verifiy. > > -- > Fajar > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html