Hello Sergii,
Is it possible to use OTP with ms-chap authorization?
no, it is _not_.
Cheers,
Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
This is so frustrating :(
How it can be possible to do strong security using reliable passwords and
to have no encryption in the same time.
2013/5/16 Thomas Glanzmann tho...@glanzmann.de
Hello Sergii,
Is it possible to use OTP with ms-chap authorization?
no, it is _not_.
Cheers,
Sergii Bieliaievskyi wrote:
This is so frustrating :(
How it can be possible to do strong security using reliable passwords
and to have no encryption in the same time.
I think you misunderstand the issues.
OTP passwords were created so that it doesn't *require* that the
password be
On 16/05/13 13:44, Sergii Bieliaievskyi wrote:
This is so frustrating :(
How it can be possible to do strong security using reliable passwords
and to have no encryption in the same time.
Because the protocols are old, and badly designed, but are widely
deployed because the vendor (Microsoft)
2013/5/16 Alan DeKok al...@deployingradius.com
Sergii Bieliaievskyi wrote:
This is so frustrating :(
How it can be possible to do strong security using reliable passwords
and to have no encryption in the same time.
I think you misunderstand the issues.
OTP passwords were created so
I want to change my security strategy.
It would be better to user two step verification by google. There
is google-authenticator (http://code.google.com/p/google-authenticator/)
but it checks users in local database /etc/passwd and so on.
How should I synchronize my unix box with corporate google
Sergii Bieliaievskyi wrote:
But only ms-chap supports data encryption. I want to use OTP and MPPE
simulteniosly. But MPPE without ms-chap cann`t exist. Am I right?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 16/05/13 14:27, Sergii Bieliaievskyi wrote:
2013/5/16 Alan DeKok al...@deployingradius.com
mailto:al...@deployingradius.com
Sergii Bieliaievskyi wrote:
This is so frustrating :(
How it can be possible to do strong security using reliable passwords
and to have no
On 16 May 2013, at 09:27, Sergii Bieliaievskyi s.bieliaievs...@sethq.com
wrote:
2013/5/16 Alan DeKok al...@deployingradius.com
Sergii Bieliaievskyi wrote:
This is so frustrating :(
How it can be possible to do strong security using reliable passwords
and to have no encryption in the
Sergii Bieliaievskyi wrote:
I want to change my security strategy.
I think you're taking the wrong approach. You don't get security by
using a bunch of security software. You get security by understanding
the risks, and working to minimize them.
It would be better to user two step
2013/5/16 Alan DeKok al...@deployingradius.com
Sergii Bieliaievskyi wrote:
But only ms-chap supports data encryption. I want to use OTP and MPPE
simulteniosly. But MPPE without ms-chap cann`t exist. Am I right?
Yes.
So OTP is useless I donn`t need system with strong password and
2013/5/16 Arran Cudbard-Bell a.cudba...@freeradius.org
What are you actually trying to use this with?
802.1X/WPA2-Enterprise or for VPN authentication.
VPN authentication.
And it should be multiplatform VPN. PPTP is supported by almost every
vendors. I can establish PPTP connection from
2013/5/16 Phil Mayers p.may...@imperial.ac.uk
No.
MPPE requires encryption keys. These can be generated by whatever auth
method.
If you use plain MSCHAP, MSCHAP generates them.
Can you provide more information how can i do that? Or where can i read
about that?
Thnx.
--
PPTP is broken [1]. OpenVPN (for which there are clients for Android,
iPhone, MacOS, Linux, Windows) is not. OpenVPN will use TLS certificates as
well as other centrally managed authentication based systems (e.g. Radius,
MOTP, maybe Google Authenticator?) to authenticate and authorize. There are
On 16/05/13 15:45, Sergii Bieliaievskyi wrote:
2013/5/16 Phil Mayers p.may...@imperial.ac.uk
mailto:p.may...@imperial.ac.uk
No.
MPPE requires encryption keys. These can be generated by whatever
auth method.
If you use plain MSCHAP, MSCHAP generates them.
Can you provide
On Thu, May 16, 2013 at 11:18 AM, Phil Mayers p.may...@imperial.ac.ukwrote:
On 16/05/13 15:45, Sergii Bieliaievskyi wrote:
2013/5/16 Phil Mayers p.may...@imperial.ac.uk
mailto:p.may...@imperial.ac.**uk p.may...@imperial.ac.uk
No.
MPPE requires encryption keys. These can be
Is it possible to use OTP with ms-chap authorization? Because any other
methods don`t support encryption for example MPPE. With PAP OTP works fine
but with ms-chap cann`t authenticate.
2013/5/14 Jon Spriggs j...@sprig.gs
MOTP-AS uses plain-text credentials right now, but I'm still integrating
As I sad before I am sure that smsotp_socket exists and has appropiate
permission. So smsotpd is running. There are 2 different variant of running
smsotpd.
1) smsotpd.pl
2) binary file. I made some efforts to compile them under FreeBSD.
Any other guessing?
May be somebody can advise more systems
On Tue, May 14, 2013 at 1:06 PM, Sergii Bieliaievskyi
s.bieliaievs...@sethq.com wrote:
As I sad before I am sure that smsotp_socket exists and has appropiate
permission. So smsotpd is running. There are 2 different variant of
running smsotpd.
1) smsotpd.pl
2) binary file. I made some
:) I am using FreeBSD distro.
People! Help me please. I will take into consideration any suggestion
concern OTP, any open source project, just anything.
2013/5/14 Fajar A. Nugraha l...@fajar.net
On Tue, May 14, 2013 at 1:06 PM, Sergii Bieliaievskyi
s.bieliaievs...@sethq.com wrote:
As
On Tue, May 14, 2013 at 1:53 PM, Sergii Bieliaievskyi
s.bieliaievs...@sethq.com wrote:
:) I am using FreeBSD distro.
Ouch, wonder how I could missed that :P
People! Help me please. I will take into consideration any suggestion
concern OTP, any open source project, just anything.
Am Dienstag, 14. Mai 2013, 09:53:30 schrieb Sergii Bieliaievskyi:
:) I am using FreeBSD distro.
People! Help me please. I will take into consideration any suggestion
concern OTP, any open source project, just anything.
I tried motp. Works nice. You can install the otp generator on your
I am reading about MOTP and realy hope to implement its in my network.
Could I count on your help if i will have a difficulties?
Thanks in advance
2013/5/14 Michael Schwartzkopff m...@sys4.de
**
Am Dienstag, 14. Mai 2013, 09:53:30 schrieb Sergii Bieliaievskyi:
:) I am using FreeBSD
I'm the current project lead for the MOTP-AS project [1], so I'm happy to
help with anything relating to that project (off this list, unless it's
directly FR related) :)
[1] https://github.com/MOTP-AS/MOTP-AS
--
Jon The Nice Guy Spriggs
On 14 May 2013 08:26, Sergii Bieliaievskyi
I am so sorry. May be i should take a look on MOTP-AS more deeply
2013/5/14 Jon Spriggs j...@sprig.gs
I'm the current project lead for the MOTP-AS project [1], so I'm happy to
help with anything relating to that project (off this list, unless it's
directly FR related) :)
[1]
Hello Sergii,
don't use the C daemon it has to many moving parts. I later wrote a perl
module which is easy to use.
See:
http://thomas.glanzmann.de/smsotpd.2012-10-05.tar.bz2
Follow the instructions in smsotpd.2012-10-05/rlm_perl/README
If you have any further questions, let me know, but this
2013/5/14 Michael Schwartzkopff m...@sys4.de
**
I tried motp. Works nice. You can install the otp generator on your
smartphone. See:
http://sys4.de/en/blog/2013/03/16/otp-freeradius/
What type of authorization do you use(PAP CHAP MS-CHAP) for OTP?
--
--
Am Dienstag, 14. Mai 2013, 10:26:17 schrieb Sergii Bieliaievskyi:
I am reading about MOTP and realy hope to implement its in my network.
Could I count on your help if i will have a difficulties?
Of course. That is what the mailing list exists for.
On the other hand I earn my money with
MOTP-AS uses plain-text credentials right now, but I'm still integrating
myself properly into the project, and I've not really experimented with any
other modes.
--
Jon The Nice Guy Spriggs
On 14 May 2013 15:49, Sergii Bieliaievskyi s.bieliaievs...@sethq.comwrote:
2013/5/14 Michael
Hi Sergii,
if one day you not only would want to use motp but also other token
types like HOTP, TOTP, SMS or OCRA tokens, you might want to take a look
at LinOTP (http://linotp.org), which also integrates well with FreeRADIUS.
OK, to be honest we try to make our living selling licenses and
Hello.
I am new here. And my first message concerns One-Time password
authentication. I have a problem with installing rlm_smsotp +
http://wiki.freeradius.org/modules/Rlm_smsotp. I am always getting an error
/var/run/smsotp_socket No such file or directory. I am sure that
smsotp_socket exists and
On Mon, May 13, 2013 at 8:58 PM, Sergii Bieliaievskyi
s.bieliaievs...@sethq.com wrote:
Hello.
I am new here. And my first message concerns One-Time password
authentication. I have a problem with installing rlm_smsotp +
http://wiki.freeradius.org/modules/Rlm_smsotp. I am always getting an
32 matches
Mail list logo