[RADIATOR] Combining AuthSQLTOTP with other authentication sources

Heikki Vatiainen hvn at open.com.au
Thu Aug 7 07:16:43 CDT 2014


On 08/04/2014 10:13 AM, Thomas Neumann wrote:

> extension), then I'll implement a small script that uses ldapsearch to
> fetch all AD users below a given OU that have the employeeNumber field
> set and belong to some "OTP-Login" group in AD and the fetched username
> and matching OTP secret (from the employeeNumber attribute) will be
> stored in the SQLTOTP table if not already present.

One variation might be to query LDAP for the employeeNumber and other OTP
related attributes when the password check is done. A hook could then
add the information in SQLTOTP table before continuing with the rest of
the authentication.

You would still require cleanup for users that are no longer present,
but the SQL table would not need to contain the users that are not
active TOTP users.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
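
The sync and cleanup discussed in this thread, as an added example that is not part of the original message and not Radiator code. The table name `totp_users`, its columns, and the sample directory entries are assumptions constructed for illustration; the real SQLTOTP table layout may differ.

```python
import sqlite3

# Constructed sample of what an LDAP search below the OU might return:
# (username, employeeNumber holding the OTP secret, group names)
LDAP_ENTRIES = [
    ("alice", "JBSWY3DPEHPK3PXP", ["OTP-Login", "Staff"]),
    ("bob", "", ["OTP-Login"]),                 # no secret set: skipped
    ("carol", "KRSXG5CTMVRXEZLU", ["Staff"]),   # not in the OTP group: skipped
    ("dave", "GEZDGNBVGY3TQOJQ", ["OTP-Login"]),
]

def eligible(entries, group="OTP-Login"):
    """Users that have a secret set and belong to the OTP group."""
    return {user: secret for user, secret, groups in entries
            if secret and group in groups}

def reconcile(db, entries):
    """Insert missing users, delete users no longer eligible.

    Rows that already exist are left untouched ("if not already present").
    """
    wanted = eligible(entries)
    if not wanted:
        # An empty result is more likely a failed or misscoped search than
        # an empty directory; refuse to wipe the whole table.
        raise RuntimeError("LDAP returned no eligible users; cleanup skipped")
    present = {row[0] for row in db.execute("SELECT username FROM totp_users")}
    to_add = sorted(set(wanted) - present)
    to_remove = sorted(present - set(wanted))
    with db:  # one transaction: both changes commit or neither does
        db.executemany(
            "INSERT INTO totp_users (username, secret) VALUES (?, ?)",
            [(user, wanted[user]) for user in to_add])
        db.executemany(
            "DELETE FROM totp_users WHERE username = ?",
            [(user,) for user in to_remove])
    return to_add, to_remove

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE totp_users "
               "(username TEXT PRIMARY KEY, secret TEXT NOT NULL)")
    # Constructed pre-existing rows: alice is still active, erin has left.
    db.execute("INSERT INTO totp_users VALUES ('alice', 'EXISTINGSECRETAA')")
    db.execute("INSERT INTO totp_users VALUES ('erin', 'OLDUSERSECRETAAA')")
    added, removed = reconcile(db, LDAP_ENTRIES)
    rows = dict(db.execute("SELECT username, secret FROM totp_users"))
    return added, removed, rows

if __name__ == "__main__":
    print(demo())
```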

