Re: [OATH-Toolkit-help] Anyone tried oath toolkit with Free Radius?

Tue, 07 Jun 2011 22:29:34 -0700 

The lines in /etc/users.oath should start with HOTP/T30 (time bases 30
seconds) or HOTP/T60 (time based 60 seconds).
-- 
Schoene Gruesse
Chris

Hailu Meng <[email protected]> on Tue, 7 Jun 2011 16:41:09 -0500:
> One question about TOTP. How to ask oath-toolkit to use totp not hotp
> when I configure pam_oath.so? The readme only give me the example for
> hotp.
> 
> Thanks.
> 
> Lou
> 
> On Tue, Jun 7, 2011 at 4:19 PM, Hailu Meng <[email protected]>
> wrote:
> 
> > Thanks a lot Christian. That's the way it should work. More detail
> > on what I want to do:
> >
> > I want user use active directory information first and then OTP
> > second. So muy thinking is Cisco ASA use RADIUS to talk to
> > freeradius server. The freeradius server talks to the PAM in the
> > server itself. The PAM stack puts active directory first and then
> > oath. I think this should work. Let me try and get you guys back.
> >
> > Lou
> >
> >
> > On Tue, Jun 7, 2011 at 3:51 PM, Christian Hesse <[email protected]>
> > wrote:
> >
> >> Hailu Meng <[email protected]> on Tue, 7 Jun 2011 13:57:51 -0500:
> >> > Hi All,
> >> >
> >> > My plan is to integrate oath toolkit with free radius server.
> >> > Then we
> >> can
> >> > run otp authentication over radius. So any client supporting
> >> > radius can
> >> use
> >> > otp authentication. Like Cisco ASA. We can put Radius server for
> >> > authentication. Freeradius talk to oath-toolkit for otp
> >> > authentication.
> >>
> >> That should be possible...
> >> Just enable pam authentication module, should be something like
> >> this in /etc/raddb/sites-enabled/default (or where ever your
> >> distribution places
> >> it):
> >>
> >> [...]
> >> authenticate {
> >>        [...]
> >>        pam
> >>        [...]
> >> }
> >> [...]
> >>
> >> Then edit /etc/raddb/modules/pam:
> >>
> >> pam {
> >>        pam_auth = radiusd
> >> }
> >>
> >> And make your settings for pam_oath.so in /etc/pam.d/freeradius.
> >> Ok, freeradius is a monster... Probably you need some more
> >> settings... But that's the way to go. Let us know if it works!
> >> --
> >> Schoene Gruesse
> >> Chris
> >>
> >
> >

Reply via email to