JET JETASIK wrote:
> I am investigating 2 factor authentication in which mostly they are radius
> server actually.
>
> My problem is that most of my applications rely on LDAP auth only.
>
> I am trying to figure out how to use
> openldap/contrib/slapd-modules/passwd/radius.c
>
> I did compile and successfully load it but am not sure how to configure it.
>
> This is what I put into slapd.conf to load the module:
>
> moduleload pw-radius.so config="/etc/radius.conf"
>
> Firstly I couldn’t figure out what exactly is the format of /etc/radius.conf
> (Mandatory items: Radius server IP & Share Secret)

Read the radius.conf(5) manpage.

> Secondly the format of userpassword scheme, {RADIUS}XXXXYYY@ZZZ ??

Yes, {RADIUS} followed by whatever your radius server thinks is a valid username.

If by 2-factor authentication you mean some kind of challenge/response method, that will not work. The module has no way to relay the challenge back to the LDAP client, and the LDAP Simple Bind request doesn't support challenge/response type authentication.

--
Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
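The reply's point about challenge/response, as an added sketch that is not code from radius.c or from this thread: it models a {RADIUS} password check with RFC 2865 packets and shows that an Access-Challenge can only be reported to the LDAP client as a failed bind. Function names, the shared secret, the user and the reply packets are constructed for illustration.

```python
import hashlib, struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # RFC 2865 attribute types

def radius_user(stored):
    """Username part of a {RADIUS}name userPassword value, else None."""
    prefix = "{RADIUS}"  # compared case-insensitively (assumption of this sketch)
    if stored[:len(prefix)].upper() != prefix or len(stored) == len(prefix):
        return None
    return stored[len(prefix):]

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key))
        out += prev
    return out

def packet(code, ident, authenticator, attrs):
    """Code, identifier, length, 16-byte authenticator, then type/length/value attributes."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + authenticator + body

def attributes(pkt):
    """Decode the attribute list of a RADIUS packet into {type: value}."""
    found, pos, end = {}, 20, struct.unpack("!H", pkt[2:4])[0]
    while pos + 2 <= end:
        t, length = pkt[pos], pkt[pos + 1]
        if length < 2: break  # malformed attribute, stop parsing
        found[t] = pkt[pos + 2:pos + length]
        pos += length
    return found

def bind_outcome(reply):
    """A password check answers yes or no: anything but Access-Accept fails the bind.
    Also returns the challenge attributes that never reach the LDAP client."""
    dropped = attributes(reply) if reply[0] == ACCESS_CHALLENGE else {}
    return reply[0] == ACCESS_ACCEPT, dropped

# Constructed sample values; the zeroed response authenticators are placeholders.
SECRET, AUTH = b"constructed-secret", bytes(range(16))
REQUEST = packet(ACCESS_REQUEST, 7, AUTH, [
    (USER_NAME, radius_user("{RADIUS}jdoe@example.com").encode()),
    (USER_PASSWORD, hide_password(b"pin-from-bind", SECRET, AUTH))])
CHALLENGE = packet(ACCESS_CHALLENGE, 7, bytes(16), [
    (REPLY_MESSAGE, b"Enter token code"), (STATE, b"session-42")])
ACCEPT = packet(ACCESS_ACCEPT, 7, bytes(16), [])
```

`bind_outcome(CHALLENGE)` returns a failed bind together with the Reply-Message and State attributes, which a Simple Bind result has no field to carry back to the client.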