Re: Question about Access-Challenge

2011-07-08 Thread Fajar A. Nugraha
On Fri, Jul 8, 2011 at 10:14 AM, Jamshid Abedi udptele...@gmail.com wrote:
 Hello,

 I've got Mobile OTP to work with FreeRadius, I'd like to take this one step
 further and turn this into a two phase process. The objective is to first
 take the pin, authenticate that and then communicate to the NAS with a
 challenge to receive the OTP from the user. I think this can be done via an
 access-challenge reply to the NAS. My question is how do I get FreeNAS to
 send an Access-Challenge once it has verified the PIN is correct? If anyone
 can kindly give me some hints or point me in the right direction.

IMHO the simplest way would be just concatenate them together. e.g. if:
- your pin is 4 digits
- your OTP is 12 digits
- you use PAP

then you can ask your users to put the 4 digit pin followed by 12
digit OTP, so the password will be 16 digits. And since you use PAP,
you get User-Password attribute in the request which can easily be
split using unlang/regex into two components, which you can then
verify.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
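
The split described in the reply above, written out as an added unlang example; it is not part of the original thread or of the FreeRADIUS distribution. It assumes PAP, a 4-digit PIN and a 12-digit OTP as in the reply, and the use of Tmp-String-0 and Tmp-String-1 as holding attributes is a choice made for this illustration.

```unlang
# Added example, placed in the authorize section of the virtual server
# (other modules in the section are omitted here).
authorize {
    # User-Password only exists for PAP requests. CHAP or MS-CHAP
    # requests carry no cleartext password that could be split.
    if (!User-Password) {
        reject
    }
    # Anchor the pattern at both ends so that only exactly 16 digits
    # match: the first 4 are captured as the PIN, the last 12 as the OTP.
    elsif (User-Password =~ /^([0-9]{4})([0-9]{12})$/) {
        update request {
            # Assumption: Tmp-String-0 holds the PIN for a later check.
            Tmp-String-0 := "%{1}"
            # Assumption: Tmp-String-1 holds the OTP for a later check.
            Tmp-String-1 := "%{2}"
        }
    }
    # Anything else (wrong length, non-digit characters) is rejected
    # before any PIN or OTP verification runs.
    else {
        reject
    }
}
```

How the two components are then verified depends on the Mobile OTP setup, which the thread does not describe.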


Re: Question about Access-Challenge

2011-07-08 Thread Udptelecom
Yes, it works this way. But the requirements are for a two phase authentication.

Sent from my iPhone

On Jul 8, 2011, at 2:11 AM, Fajar A. Nugraha l...@fajar.net wrote:

 On Fri, Jul 8, 2011 at 10:14 AM, Jamshid Abedi udptele...@gmail.com wrote:
 Hello,
 
 I've got Mobile OTP to work with FreeRadius, I'd like to take this one step
 further and turn this into a two phase process. The objective is to first
 take the pin, authenticate that and then communicate to the NAS with a
 challenge to receive the OTP from the user. I think this can be done via an
 access-challenge reply to the NAS. My question is how do I get FreeNAS to
 send an Access-Challenge once it has verified the PIN is correct? If anyone
 can kindly give me some hints or point me in the right direction.
 
 IMHO the simplest way would be just concatenate them together. e.g. if:
 - your pin is 4 digits
 - your OTP is 12 digits
 - you use PAP
 
 then you can ask your users to put the 4 digit pin followed by 12
 digit OTP, so the password will be 16 digits. And since you use PAP,
 you get User-Password attribute in the request which can easily be
 split using unlang/regex into two components, which you can then
 verify.
 
 -- 
 Fajar


Question about Access-Challenge

2011-07-07 Thread Jamshid Abedi
Hello,

I've got Mobile OTP to work with FreeRadius, I'd like to take this one step
further and turn this into a two phase process. The objective is to first
take the pin, authenticate that and then communicate to the NAS with a
challenge to receive the OTP from the user. I think this can be done via an
access-challenge reply to the NAS. My question is how do I get FreeNAS to
send an Access-Challenge once it has verified the PIN is correct? If anyone
can kindly give me some hints or point me in the right direction.

Thank you,

JJ Abdi