[RADIATOR] two factor authentication
Alexander Hartmaier
alexander.hartmaier at t-systems.at
Tue Jan 17 12:13:47 CST 2012
Hi list,
I'm trying to implement a two factor auth where the user has to enter
his Active Directory credentials.
Radiator checks those against the AD, if successful creates an OTP and
sends that to the mobile phone number fetched from the AD.
A challenge is returned to the NAS.
My problem is that I can't distinguish the initial request and the
challenge response which should skip the AD auth because this time the
password field holds the OTP response.
By looking at the radius packets with tcpdump I couldn't find a
difference in the radius attributes sent that let me write two different
handlers.
Ideas?
--
Best regards, Alexander Hartmaier
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list