Normal & one-time password at the same time
Hi, I currently have my user's password stored in a postgresql database. For each user there's a record in radcheck with the User-Password attribute. I would like to implement OTP (one-time password) and I tried to add a seconds record with the User-Password attribute for each user in radcheck. It seems that FreeRadius only allows the user if he enters the password from the record with the highest id. Are there any possibilities to do such thing for OTPs, so that the user can either login with his real password or with his OTP? -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Normal & one-time password at the same time
Thor Spruyt wrote:
> I would like to implement OTP (one-time password) and I tried to add a
> seconds record with the User-Password attribute for each user in
> radcheck. It seems that FreeRadius only allows the user if he enters
> the password from the record with the highest id.
>
> Are there any possibilities to do such thing for OTPs, so that the
> user can either login with his real password or with his OTP?
I now found a way that seems to work. I created an additional sql { } and
added it to the authorize section.
The seems to work, but I'm wondering if it's a good way to do this or are
there better ways?
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Normal & one-time password at the same time
Thor Spruyt wrote:
> I now found a way that seems to work. I created an additional sql { }
> and added it to the authorize section.
> The seems to work, but I'm wondering if it's a good way to do this or
> are there better ways?
Huh... I found something nice accidentally...
rlm_sql_postgresql: query: SELECT id, UserName, Attribute, Value, Op ??FROM
radcheck2 ??WHERE Username = 'thor' ??ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql: The 'op' field for attribute 'User-Password = xxx' is NULL, or
non-existent.
rlm_sql: You MUST FIX THIS if you want the configuration to behave as you
expect.
So leaving the op field empty will result in FreeRadius trying to match both
retrieved passwords!
Am I doing something stupid here?
--
Regards,
Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Normal & one-time password at the same time
Thor Spruyt wrote: > So leaving the op field empty will result in FreeRadius trying to > match both retrieved passwords! > Am I doing something stupid here? Never mind... it doesn't work :( -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
