oath-toolkit-help
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OATH-Toolkit-help] Anyone tried oath toolkit with Free Radius?

From: Hailu Meng
Subject: Re: [OATH-Toolkit-help] Anyone tried oath toolkit with Free Radius?
Date: Tue, 7 Jun 2011 16:19:46 -0500
Thanks a lot Christian. That's the way it should work. More detail on what I want to do:

I want user use active directory information first and then OTP second. So muy thinking is Cisco ASA use RADIUS to talk to freeradius server. The freeradius server talks to the PAM in the server itself. The PAM stack puts active directory first and then oath. I think this should work. Let me try and get you guys back.

Lou

On Tue, Jun 7, 2011 at 3:51 PM, Christian Hesse <address@hidden> wrote:
Hailu Meng <address@hidden> on Tue, 7 Jun 2011 13:57:51 -0500:
> Hi All,
>
> My plan is to integrate oath toolkit with free radius server. Then we can
> run otp authentication over radius. So any client supporting radius can use
> otp authentication. Like Cisco ASA. We can put Radius server for
> authentication. Freeradius talk to oath-toolkit for otp authentication.

That should be possible...
Just enable pam authentication module, should be something like this
in /etc/raddb/sites-enabled/default (or where ever your distribution places
it):

[...]
authenticate {
       [...]
       pam
       [...]
}
[...]

Then edit /etc/raddb/modules/pam:

pam {
       pam_auth = radiusd
}

And make your settings for pam_oath.so in /etc/pam.d/freeradius.
Ok, freeradius is a monster... Probably you need some more settings... But
that's the way to go. Let us know if it works!
--
Schoene Gruesse
Chris

reply via email to
[Prev in Thread] Current Thread [Next in Thread]