Norbert Wegener wrote:
Alan DeKok wrote:
Norbert Wegener wrote:
It should be simple to generate a one time password, throw it into a
database,send it via sms and make it available for the next time, the
user requests access. The problem here seems to be, that after a first
successfull authentication another one with only a new password but the
already entered username has to be done.
Can this be realised with an actual freeradius? If so: Where can I find
documentation about it?
You first need to define what you mean by "successful authentication".
Is it sending an Access-Accept? Or receiving an Accounting start for
that user?
The box I am talking about is a Juniper vpn gateway. There they have
Custom Radius Authentication Rules and in the configuration menu there is:
If received packet Type :Access Challenge
Take action: Show Next Token page
Now it seems to me, that after providing the correct login/(static)
password combination, not an Access-Accept must be sent, but instead an
Access-Challenge.
Maybe, this can be done using the otpd, but up to now I am searching on
how to realise this.
Anyone any idea?
Norbert Wegener
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
