One question about TOTP. How to ask oath-toolkit to use totp not hotp when I configure pam_oath.so? The readme only gives me the example for hotp.

Thanks.

Lou

On Tue, Jun 7, 2011 at 4:19 PM, Hailu Meng <[email protected]> wrote:

> Thanks a lot Christian. That's the way it should work. More detail on what
> I want to do:
>
> I want users to use active directory information first and then OTP second. So
> my thinking is Cisco ASA uses RADIUS to talk to freeradius server. The
> freeradius server talks to the PAM in the server itself. The PAM stack puts
> active directory first and then oath. I think this should work. Let me try
> and get back to you guys.
>
> Lou
>
>
> On Tue, Jun 7, 2011 at 3:51 PM, Christian Hesse <[email protected]> wrote:
>
>> Hailu Meng <[email protected]> on Tue, 7 Jun 2011 13:57:51 -0500:
>> > Hi All,
>> >
>> > My plan is to integrate oath toolkit with free radius server. Then we can
>> > run otp authentication over radius. So any client supporting radius can use
>> > otp authentication. Like Cisco ASA. We can put Radius server for
>> > authentication. Freeradius talks to oath-toolkit for otp authentication.
>>
>> That should be possible...
>> Just enable pam authentication module, should be something like this
>> in /etc/raddb/sites-enabled/default (or wherever your distribution places
>> it):
>>
>> [...]
>> authenticate {
>>         [...]
>>         pam
>>         [...]
>> }
>> [...]
>>
>> Then edit /etc/raddb/modules/pam:
>>
>> pam {
>>         pam_auth = radiusd
>> }
>>
>> And make your settings for pam_oath.so in /etc/pam.d/freeradius.
>> Ok, freeradius is a monster... Probably you need some more settings... But
>> that's the way to go. Let us know if it works!
>> --
>> Kind regards
>> Chris
>>
>
>
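Background for the TOTP-versus-HOTP question above, as an added example that is not part of the original thread and is not oath-toolkit code: TOTP (RFC 6238) is the HOTP computation (RFC 4226) with the counter derived from the clock, so a verifier only needs a time step and a skew window in place of a stored event counter. The function names, the 30-second step and the window of one step are assumptions made for illustration; the secret is the published RFC test-vector secret.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: the same HOTP computation, with counter = floor(time / step)."""
    return hotp(secret, unix_time // step, digits)


def verify_totp(secret, candidate, unix_time, step=30, digits=6, window=1):
    """Accept codes from `window` steps either side of now, to absorb clock skew.

    Returns the matching step counter, or None. A caller should remember the
    returned counter and reject any later code at or below it, so that a code
    observed on the wire cannot be replayed within its validity window.
    """
    now = unix_time // step
    for counter in range(now - window, now + window + 1):
        if counter >= 0 and hmac.compare_digest(hotp(secret, counter, digits), candidate):
            return counter
    return None


# Constructed sample input: the shared secret used by the RFC 4226 / RFC 6238 test vectors.
SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(hotp(SECRET, 1))                             # event-based, counter 1
    print(totp(SECRET, 59))                            # time-based, 59 // 30 == 1, same code
    print(verify_totp(SECRET, totp(SECRET, 59), 85))   # one step late, still inside the window
    print(verify_totp(SECRET, totp(SECRET, 59), 150))  # four steps late, rejected
```
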
