On 03/31/2015 05:30 PM, Andrew Holway wrote:
> Hello FreeIPA people,
>
> I must say that FreeIPA v4 looks very pretty and I am looking forward
> to trying out the new features.
>
> I'm wondering what application and tools can be used to authenticate
> with the OTP in freeipa. For instance, if we wanted to set up a VPN
> that uses it how might we go about that? Is there a common library
> that I should look out for?

With VPN you usually do the following:
a) Pick a VPN of your choice based on features and needs you have
b) Make sure the VPN server supports different authentication methods.
You need at least RADIUS, which is the most popular option, and I would be
surprised to find a VPN server that does not talk RADIUS to actually do the
c) Set up a freeRADIUS server on a Fedora 21/RHEL 7.1/CentOS 7.1 (when it
happens) box, configure it to do kinit authentication or PAM
authentication via SSSD against IPA; see the freeRADIUS manuals for more details
d) Connect VPN server to the RADIUS server
e) Provision tokens (or hook IPA to an existing OTP solution using another
If you have an application that can use RADIUS in such a setup you can use
Also see http://www.freeipa.org/page/Web_App_Authentication for how to
enable any web application to take advantage of the IPA authentication
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
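
A minimal sketch of steps c) and d) using the PAM route, added here as an example; it is not part of the original message and is not taken from the FreeIPA or freeRADIUS projects. It assumes the freeRADIUS 3 layout under /etc/raddb and a host that is already an enrolled IPA client with SSSD running; the client name, address and secret are placeholders.

```conf
# --- /etc/raddb/clients.conf : the VPN server as a RADIUS client (step d) ---
# Name, address and secret are placeholders constructed for this example.
client vpn-gateway {
    ipaddr = 192.0.2.10
    secret = REPLACE-WITH-LONG-RANDOM-SECRET
}

# --- /etc/raddb/mods-enabled/pam : symlink to ../mods-available/pam ---
# pam_auth names the PAM service, i.e. the file /etc/pam.d/radiusd below.
pam {
    pam_auth = radiusd
}

# --- /etc/raddb/sites-enabled/default : inside the existing authenticate section ---
# Uncomment the stock "pam" line; leave the rest of the section as shipped.
authenticate {
    pam
}

# --- /etc/raddb/users : route every request to the PAM module ---
DEFAULT Auth-Type := PAM

# --- /etc/pam.d/radiusd : pass the credential to SSSD, which checks it with IPA ---
auth     required  pam_sss.so
account  required  pam_sss.so
```

PAM needs the cleartext password, so the VPN server has to send PAP rather than CHAP or MS-CHAP, which makes the strength of the shared secret and the network path between VPN and RADIUS server matter. If the default allow_all HBAC rule is disabled in IPA, the radiusd service also has to be permitted on this host.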