[RADIATOR] Combining AuthBy ldap2 and AuthBy yubikeysql

Heikki Vatiainen hvn at open.com.au
Thu Nov 17 16:46:42 CST 2011 

On 11/17/2011 12:24 AM, jm wrote:

Hello Jeff,

thanks for the clear explanation. After looking at a couple of different
possibilities, I think the example in goodies/digipassStatic.cfg should
do the trick.

It shows how to make a different password available for two different
types of AuthBys based on the received User-Password.

Please let us know how it goes.

Thanks!
Heikki


> I'm currently evaluating Radiator to see how suitable it is as a two 
> factor authentication mechanism.  The current test, that I'm stuck on, 
> is to authenticate a two factor password ( given in the form static:otp 
> to the server) against two different sources. The static part against an 
> ldap server that already exists and the dynamic OTP part against the 
> mysql back end. So far. I've been able to,
> 
> 1) auth the yubikeys against a mysql database using AuthBy YUBIKEY.
> 2) auth static:yubikey against a mysql database using AuthBy YUBIKEY.
> 3) auth a static only password against ldap using ServerChecksPassword 
> using AuthBy LDAP2
> 
> When it comes to attempting an AuthBy LDAP2 followed by an AuthBy 
> YUBIKEY I can't see anything in the documentation anything about how to 
> split the password into parts. I found TranslatePasswordHook but this 
> seem to be predicate on the password being in the ldap database rather 
> than being called before the bind attempt. Is there a command or a hook 
> I can use on a per AuthBy basis to split the password?
> 
> Jeff.
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

More information about the radiator mailing list