On Tue, Apr 28, 2020 at 8:47 AM Santiago Garcia Mantinan <[email protected]> wrote:
> Hi! > > Reading the doc I found out that radius is available as a password > verification method, and that there are several second authentication > factors available, however I haven't seen the usage of radius as a second > factor of authentication working like the TOTP extension works. > > I believe that adding radius as a second factor allows one to use the > backend of his choice through the radius without having to implement such > factor directly on guacamole. > > I'd like to hear what you think of this, maybe as you already have radius > auth implemented this is an easy job and provides enough functionality for > ot te be implemented on future versions? > > The RADIUS extension already supports the Challenge/Response method that many RADIUS servers implement for adding a second factor to authentication. This might be a little different than the use case you're thinking about, with RADIUS as just the second factor, but it does work for 2FA authentication. I have configurations of Guacamole currently that use both LinOTP + RADIUS, as well as Azure MFA + RADIUS, to do two factor authentication. In the first case, with LinOTP, I use a PIN plus the Google Authenticator app with a six digit number. For the second case, with Azure MFA, I log in with AD credentials and then receive the prompt in the Azure authenticator app on my phone. -Nick
