JET JETASIK wrote:
I am investigating 2-factor authentication, in which they are mostly RADIUS servers actually.
My problem is that most of my applications rely on LDAP auth only.
I am trying to figure out how to use openldap/contrib/slapd-modules/passwd/radius.c
I did compile and successfully load it, but I am not sure how to configure it.
This is what I put into slapd.conf to load the module:
moduleload pw-radius.so config="/etc/radius.conf"
Firstly, I couldn’t figure out what exactly the format of /etc/radius.conf is (mandatory items: RADIUS server IP & shared secret)
Read the radius.conf(5) manpage.
Secondly, the format of the userPassword scheme, {RADIUS}XXXXYYY@ZZZ ??
Yes, {RADIUS} followed by whatever your radius server thinks is a valid username.
If by 2-factor authentication you mean some kind of challenge/response method, that will not work. The module has no way to relay the challenge back to the LDAP client, and the LDAP Simple Bind request doesn't support challenge/response type authentication.
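
Added example, not part of the original thread and not the contrib module's code: a simplified Python model of the flow described in the reply, showing how a `{RADIUS}` userPassword value maps to a RADIUS username and why a server that answers with a challenge can only end in a failed Simple Bind. The function names, the fake server and the sample accounts are hypothetical and constructed for illustration; the numeric values are the RADIUS packet codes from RFC 2865 and the LDAP result codes from RFC 4511.

```python
# Simplified model for illustration; not the pw-radius module's code.
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11  # RADIUS codes (RFC 2865)
LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS = 0, 49             # LDAP results (RFC 4511)
SCHEME = "{RADIUS}"

# Constructed sample accounts: username -> (password, wants_second_factor)
USERS = {
    "jdoe@example.org": ("static-pw", False),
    "otp-user@example.org": ("pin1234", True),
}

def fake_radius_server(username, password):
    """Hypothetical stand-in for a RADIUS server answering one Access-Request."""
    expected, wants_second_factor = USERS.get(username, (None, False))
    if expected is None or password != expected:
        return ACCESS_REJECT
    # A challenge/response server asks for a second reply instead of accepting.
    return ACCESS_CHALLENGE if wants_second_factor else ACCESS_ACCEPT

def radius_username(user_password):
    """Return the text after the {RADIUS} prefix, or None if the value is unusable."""
    if not user_password.upper().startswith(SCHEME):
        return None
    name = user_password[len(SCHEME):]
    return name if name and "\x00" not in name else None

def simple_bind(user_password, bind_password, radius=fake_radius_server):
    """Model one Simple Bind: one password in, one result code out."""
    name = radius_username(user_password)
    if name is None or not bind_password:
        return LDAP_INVALID_CREDENTIALS
    code = radius(name, bind_password)
    # A Simple Bind has no way to relay a challenge back to the client,
    # so anything other than Access-Accept has to end as a failure.
    return LDAP_SUCCESS if code == ACCESS_ACCEPT else LDAP_INVALID_CREDENTIALS

if __name__ == "__main__":
    for stored, pw in [("{RADIUS}jdoe@example.org", "static-pw"),
                       ("{RADIUS}otp-user@example.org", "pin1234"),
                       ("{RADIUS}jdoe@example.org", "wrong")]:
        print(stored, "->", simple_bind(stored, pw))
```
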