Hi Carl,
This heavily depends on your OTP backend.
The problem arises when the OTP is not passed to the radius server, which is
the case with all challenge response protocols. Then the backend can not easily
predict, which OTP value the user has entered--- due to time drifts (time
based) or blank presses (event based). I.e. such backend should check with a
bunch of acceptable OTP values. And this means you need a freeradius module
that is capable of communicating with the OTP backend in the right way.
Kind regards
Cornelius
Am 09.07.2012 um 07:07 schrieb Carl Pierre carl.e.pie...@gmail.com:
Hello:
I have recently been made a part of a project in which we intend to use
freeradius.
So far, FR seems to be the ideal tool except for one small issue: 2-Factor
Authentication.
Try as I might, I cannot seem to find any way to set up a multi-factor
solution using PEAP.
So I suppose my question is this: has anyone had any luck using EAP and
challenging the
user to enter some sort of OTP? I know that EAP-GTC is meant to do this, but
the meager
documentation I have on it does not give too much detail.
Regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html