|
| From: | Hailu Meng |
| Subject: | Re: [OATH-Toolkit-help] Anyone tried oath toolkit with Free Radius? |
| Date: | Tue, 7 Jun 2011 16:41:09 -0500 |
Thanks a lot Christian. That's the way it should work. More detail on what I want to do:
I want user use active directory information first and then OTP second. So muy thinking is Cisco ASA use RADIUS to talk to freeradius server. The freeradius server talks to the PAM in the server itself. The PAM stack puts active directory first and then oath. I think this should work. Let me try and get you guys back.
LouOn Tue, Jun 7, 2011 at 3:51 PM, Christian Hesse <address@hidden> wrote:
Hailu Meng <address@hidden> on Tue, 7 Jun 2011 13:57:51 -0500:
That should be possible...> Hi All,
>
> My plan is to integrate oath toolkit with free radius server. Then we can
> run otp authentication over radius. So any client supporting radius can use
> otp authentication. Like Cisco ASA. We can put Radius server for
> authentication. Freeradius talk to oath-toolkit for otp authentication.
Just enable pam authentication module, should be something like this
in /etc/raddb/sites-enabled/default (or where ever your distribution places
it):
[...]
authenticate {
[...]
pam
[...]
}
[...]
Then edit /etc/raddb/modules/pam:
pam {
pam_auth = radiusd
}
And make your settings for pam_oath.so in /etc/pam.d/freeradius.
Ok, freeradius is a monster... Probably you need some more settings... But
that's the way to go. Let us know if it works!
--
Schoene Gruesse
Chris
| [Prev in Thread] | Current Thread | [Next in Thread] |