[RADIATOR] Combining AuthSQLTOTP with other authication sources
Hugh Irvine
hugh at open.com.au
Sun Aug 3 18:03:30 CDT 2014
Hello Tom -
There is an example of how to do this sort of thing in:
goodies/digipassStatic.txt and goodies/digipassStatic.cfg
regards
Hugh
On 3 Aug 2014, at 22:19, Thomas Neumann <tn_radiator at net-guru.org> wrote:
> I'd like to use AuthSQLTOTP (or maybe also AuthSQLHOTP for that matter)
> in a way where the static password (PIN) is not stored in AuthSQLTOTP's
> SQL table but is verified against another auth source, such as existing
> Active Directory accounts checked by AuthLDAP2.
>
> Any idea if/how that might work?
>
>> From looking at the source I think it's currently not possible, even if
> I were to chain Authby LDAP2 and Authby SQLTOTP in one handler and use
> ContinueUntilReject or something like that, because Authby LDAP2 would
> need to know that it must strip the OTP part of the password (say the
> last six chars) before it checks the password against LDAP, and later on
> Authby SQLTOTP would insist on having the user in its own SQL user table.
>
> To solve this in the most flexible way would require a method of
> stripping the OTP part (last N chars) from the password before it gets
> handled by some other auth method (LDAP2 or anything else that can check
> static passwords) and SQLTOTP would need to be modified to use its SQL
> table for bookkeeping (per-user num of failed logins, brute-force
> defense, ...) only, not as a primary source of usernames and static
> passwords.
>
> Any idea on how to solve this?
>
>
> --Tom
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list