On Sun, 24 Aug 2014, David R wrote:
I have setup 2 factor authentication on a RADIUS server (OTP). [...] I have found some elements like pw-radius.so, but this is clearly not fully documented. [...] So I was wondering if one of you has ever implemented this kind of solution and how...
I use pw-radius.so for OTP. About the only part that you might have to read the source/ITS for is to learn that the scheme is "RADIUS". So an example userPassword attribute could be "{RADIUS}otpusername" or similar.
Were you able to get started (i.e. as described in contrib/slapd-modules/passwd/README) with pw-radius.so? I realize there's no man page, but there's also no moving parts to document, really. IMO:
1. find a suitable copy (BSD/Juniper-style IIRC) of libradius 2. get the "radtest" program that comes with libradius working 3. compile pw-radius.so against your now-working libradius 4. load same into slapd(8) 5. ldapmodify a userPassword; that should do it.