Hello Henk,

> I've looked closely at your video and accomplishment with smsotp,
> congrats!

thank you. However the video shows something that is outdated. I now wrote a
Perl module for rlm_perl which does it much better without all the moving
parts.

> Did you also have a look at OATH TOTP instead of SMS authentication?
> This is an RFC (http://tools.ietf.org/html/rfc6238) as you may know. A
> user installs an app on their phone which implements this RFC (e.g.
> Google Authenticator) and it acts as a soft token.

I did and evaluated it together with RADIUS.

> I've got this running with freeradius and the google authenticator PAM
> module. The downside of PAM is the lack of challenge-access and
> response support (AFAIK).

If you want a challenge response integration, like the user first needs to
authenticate with username and password and then gets a challenge and needs
to answer with a response, that is possible. You could also tweak it so that
you leave the first step out. Just have a look at the rlm_perl implementation
in http://thomas.glanzmann.de/smsotpd.2012-08-16.tar.bz2

> Do you know of anything that supports OATH and TOTP natively with
> freeradius and can be used with the access-challenge/response system
> (or am I wrong about PAM not supporting that feature)?

I think there was a module, but I don't recall, maybe ask the FreeRadius
List, or grep in the modules directory. I take it on CC.

Cheers,
        Thomas
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
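
Added example, not part of the original message and not code from smsotpd or FreeRADIUS: a Python model of the two-step flow discussed in this thread (password first, then an Access-Challenge answered with an RFC 6238 TOTP code). The class `TwoStepAuth`, its methods, the `USERS` store and its plaintext password field are hypothetical and constructed for illustration; only the TOTP computation follows the RFC.

```python
import hashlib, hmac, secrets, struct

STEP = 30  # RFC 6238 default time step (seconds)

def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class TwoStepAuth:
    """Hypothetical model of the flow; not FreeRADIUS or rlm_perl code."""

    def __init__(self, users):
        self.users = users   # name -> {"password", "secret", "last_step"}
        self.pending = {}    # State value -> user awaiting the second step

    def step1(self, user, password):
        """Password check; success yields a challenge plus opaque State."""
        u = self.users.get(user)
        if u is None or not hmac.compare_digest(u["password"].encode(), password.encode()):
            return "Access-Reject", None
        state = secrets.token_hex(16)
        self.pending[state] = user
        return "Access-Challenge", state

    def step2(self, state, code, now):
        """TOTP check bound to the State issued in step1."""
        user = self.pending.pop(state, None)  # State is single-use
        if user is None:
            return "Access-Reject"
        u = self.users[user]
        for drift in (-1, 0, 1):  # tolerate one step of clock skew
            step = now // STEP + drift
            if step > u["last_step"] and hmac.compare_digest(
                    totp(u["secret"], step * STEP).encode(), code.encode()):
                u["last_step"] = step  # a code is accepted once only
                return "Access-Accept"
        return "Access-Reject"

# Constructed demo user; the secret is the RFC 6238 SHA-1 test key.
USERS = {"henk": {"password": "correct horse", "secret": b"12345678901234567890", "last_step": -1}}
```

Tracking `last_step` per user is what stops a captured code from being replayed inside its 30-second window, and popping the State on first use keeps a second step from being retried against the same challenge.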

