On Wed, Dec 14, 2011 at 5:39 AM, Sušnik Rudolf <rudolf.sus...@telekom.si> wrote: > Perhaps you may want delivering PIN to user's cellular over SMS. Anyway > Freeradius seems not to be enough, at least you would need some external > database and web server - both for creating and storing PINs. I did the task > using FR, Apache and MySql. As I see, my concept is quite similar to Nick's > one. > > Regards, Rudolf.
If you are considering SMS for authentication, I suggest you consider the risks involved. The carriers are in no way incented to secure user accounts or SMS. It might be fine for many non-critical uses and is better than just a static password, but if you really need strong authentication, you won't get that from SMS. My latest rant and a listing of examples of SMS breachs: http://www.wikidsystems.com/WiKIDBlog/fraudsters-defeat-poor-risk-management-not-two-factor-authentication Sorry to be off-topic... nick > > -----Original Message----- > From: freeradius-users-bounces+rudolf.susnik=telekom...@lists.freeradius.org > [mailto:freeradius-users-bounces+rudolf.susnik=telekom...@lists.freeradius.org] > On Behalf Of Nick Owen > Sent: Tuesday, December 13, 2011 6:58 PM > To: FreeRadius users mailing list > Subject: Re: Freeradius as a PIN server? > > On Tue, Dec 13, 2011 at 11:07 AM, Peter Moreton <peter.more...@cbi.org.uk> > wrote: >> Sorry for the newbie question, but, quite simply, could Freeradius be >> configured to provide a simple 'PIN Server' ? - I want users to be >> able to choose a 4 digit PIN, and then have Freeradius validate Logon >> requests using the username/PIN combination (in addition to some >> separate LDAP >> authentication) >> >> >> >> Really, I am looking to build a lightweight 2-factor authentication >> system, without the expense of RSA SecurID or similar. > > I'm afraid knowledge of a PIN and knowledge of a password is not two-factor > authentication, it is just more of a one-factor authentication. > > Feel free to use our open-source two-factor authentication system: > http://www.wikidsystems.com/community-version. If someone wants to > contribute a freeradius rlm module using one of our api packages, we would > greatly appreciate it: > http://www.wikidsystems.com/downloads/network-clients > > Nick > > -- > -- > Nick Owen > WiKID Systems, Inc. > 404.962.8983 > http://www.wikidsystems.com > Commercial/Open Source Two-Factor Authentication > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- -- Nick Owen WiKID Systems, Inc. 404.962.8983 http://www.wikidsystems.com Commercial/Open Source Two-Factor Authentication - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html