18 Aug
2012
18 Aug
'12
6:10 a.m.
Howard Chu wrote:
JET JETASIK wrote:
I am investigating 2 factor authentication in which mostly they are radius server actually.
My problem is that most of my applications relying on LDAP auth only.
If by 2-factor authentication you mean some kind of challenge/response method, that will not work. The module has no way to relay the challenge back to the LDAP client, and the LDAP Simple Bind request doesn't support challenge/response type authentication.
IIRC the RADIUS service of RSA SecurID accepted the personal token PIN and the OTP concantenated in a single RADIUS request. No need for extra challenge response PDUs in this case. But it feels like 2-factor authc for the user.
Ciao, Michael.