[RADIATOR] Combining AuthSQLTOTP with other authication sources

Hugh Irvine hugh at open.com.au
Sun Aug 3 18:03:30 CDT 2014

Hello Tom -

There is an example of how to do this sort of thing in:

	goodies/digipassStatic.txt and goodies/digipassStatic.cfg



On 3 Aug 2014, at 22:19, Thomas Neumann <tn_radiator at net-guru.org> wrote:

> I'd like to use AuthSQLTOTP (or maybe also AuthSQLHOTP for that matter)
> in a way where the static password (PIN) is not stored in AuthSQLTOTP's
> SQL table but is verified against another auth source, such as existing
> Active Directory accounts checked by AuthLDAP2.
> Any idea if/how that might work?
>> From looking at the source I think it's currently not possible, even if
> I were to chain Authby LDAP2 and Authby SQLTOTP in one handler and use
> ContinueUntilReject or something like that, because Authby LDAP2 would
> need to know that it must strip the OTP part of the password (say the
> last six chars) before it checks the password against LDAP, and later on
> Authby SQLTOTP would insist on having the user in its own SQL user table.
> To solve this in the most flexible way would require a method of
> stripping the OTP part (last N chars) from the password before it gets
> handled by some other auth method (LDAP2 or anything else that can check
> static passwords) and SQLTOTP would need to be modified to use its SQL
> table for bookkeeping (per-user num of failed logins, brute-force
> defense, ...) only, not as a primary source of usernames and static
> passwords.
> Any idea on how to solve this?
> --Tom
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list