[RADIATOR] Two-factor auth integration

Heikki Vatiainen hvn at open.com.au
Fri Dec 11 13:27:40 CST 2015


On 12/10/2015 05:32 PM, Nick Owen wrote:

> About 5 years ago, the good people at OSC tested integration between
> Radiator and our 2FA server.  I am just curious if this config would
> still work:  https://www.wikidsystems.com/support/wikid-support-center/how-to/how-to-use-wikid-strong-authentication-with-oscs-radiator.

It looks good. There's one change you might want to do: remove
'DupInterval 0'. People seem to be forgetting it in their configuration
files and it's seldom needed during testing any longer either.

> If not, any guidance is appreciated.

We often recommend Handlers instead of Realms too. In a short
configuration file, like the one above, Realms are just fine. If the
configuration file is more complex, Handlers give more flexibility. They
can, for example, match requests based on RADIUS clients or request
attributes.

The change is simply this:
- <Realm wikid.realm> becomes <Handler Realm=wikid.realm>
- <Realm DEFAULT> becomes <Handler>
- </Realm> becomes </Handler>

The Handlers are matched in the order they appear in the configuration
file.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list