On 03/31/2015 05:30 PM, Andrew Holway wrote:
Hello FreeIPA people,

I must say that FreeIPA v4 looks very pretty and I am looking forward to trying out the new features.

I'm wondering what applications and tools can be used to authenticate with the OTP in FreeIPA. For instance, if we wanted to set up a VPN that uses it, how might we go about that? Is there a common library that I should look out for?

With VPN you usually do the following:
a) Pick a VPN of your choice based on features and needs you have
b) Make sure the VPN server supports different authentication methods. You need at least RADIUS, which is the most popular option, and I would be surprised to find a VPN server that does not talk RADIUS to actually do the authentication.
c) Set up a FreeRADIUS server on a Fedora 21/RHEL 7.1/CentOS 7.1 (when it happens) box, configure it to do kinit authentication or PAM authentication via SSSD against IPA; see the FreeRADIUS manuals for more details
d) Connect VPN server to the RADIUS server
e) Provision tokens (or hook IPA to existing OTP solution using another RADIUS server)
f) Profit

If you have an application that can use RADIUS in such a setup, you can use FreeIPA 2FA. Also see http://www.freeipa.org/page/Web_App_Authentication for how to enable any web application to take advantage of IPA authentication, including 2FA.



Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
