Howard Chu wrote:
JET JETASIK wrote:
I am investigating 2 factor authentication in which mostly they are radius server actually.
My problem is that most of my applications relying on LDAP auth only.
I am trying to figure out on how to use openldap/contrib/slapd-modules/passwd/radius.c
I did compile and successfully loaded it but not sure how to configure
it.
This is what I put into slapd.conf to load the module:
moduleload pw-radius.so config="/etc/radius.conf"
Firstly I couldn't figure out what exactly is the format of /etc/radius.conf (Mandatory items: Radius server IP& Share Secret)
Read the radius.conf(5) manpage.
Oh! It is just standard radius.conf format actually ?
Secondly the format of userpassword scheme, {RADIUS}XXXXYYY@ZZZ ??
Yes, {RADIUS} followed by whatever your radius server thinks is a valid username.
If by 2-factor authentication you mean some kind of challenge/response method, that will not work. The module has no way to relay the challenge back to the LDAP client, and the LDAP Simple Bind request doesn't support challenge/response type authentication.
Just like that? In my case it is response only, should be ok right? Thanks a lot Howard.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--- JET JETASIK