Hello Gert! We mind RADIUS for MFA and password checks. Having RADIUS just checking password+OTP via external MFA works, however any time spent in RADIUS communication for one client session means the traffic to other clients is stuck, that is why I was asking 'what plugin is good'. I wonder if the PAM plugin is really asynchronous by default. Besides OTP, there are MFA mobile applications that require users to press a button on their smartphone for confirmation. In such cases RADIUS will reply when a user pressed the button and thus the entire OpenVPN instance will be stuck for an even longer time. At the moment we are evaluating 'some plugin' with 'that patches' and 'certain build options' to handle RADIUS communication in asynchronous way and will share positive outcomes if any.
Thank you. -- CONFIDENTIALITY NOTICE: This email and files attached to it are confidential. If you are not the intended recipient you are hereby notified that using, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error please notify the sender and delete this email.
_______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
