RE: LDAP authentication using Radius
Howard Chu wrote:
>
> JET JETASIK wrote:
> > I am investigating 2 factor authentication in which mostly they are
> > radius server actually.
> >
> > My problem is that most of my applications rely on LDAP auth only.
> >
> >
> >
> > I am trying to figure out on how to use
> > openldap/contrib/slapd-modules/passwd/radius.c
> >
> > I did compile and successfully loaded it but not sure how to configure it.
> >
> >
> >
> > This is what I put into slapd.conf to load the module:
> >
> > moduleload pw-radius.so config="/etc/radius.conf"
> >
> >
> >
> > Firstly I couldn't figure out what exactly is the format of
> > /etc/radius.conf (Mandatory items: Radius server IP & Shared Secret)
>
> Read the radius.conf(5) manpage.
Oh! It is just standard radius.conf format actually?
> > Secondly the format of userpassword scheme, {RADIUS}XXXXYYY@ZZZ ??
>
> Yes, {RADIUS} followed by whatever your radius server thinks is a valid
> username.
>
> If by 2-factor authentication you mean some kind of challenge/response
> method, that will not work. The module has no way to relay the challenge
> back to the LDAP client, and the LDAP Simple Bind request doesn't support
> challenge/response type authentication.
>
Just like that?
In my case it is response only, should be ok right?
Thanks a lot Howard.
> --
> -- Howard Chu
> CTO, Symas Corp. http://www.symas.com
> Director, Highland Sun http://highlandsun.com/hyc/
> Chief Architect, OpenLDAP http://www.openldap.org/project/
>
> -----
---
JET JETASIK
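
The limitation Howard Chu describes above, as an added example that is not part of the thread and is not the OpenLDAP module's code: a small Python model of a Simple Bind checked against a {RADIUS} userPassword value, showing that only an Access-Accept to the single request can become a successful bind. The function names, usernames, PIN and token values are constructed for illustration; the reply codes are those of RFC 2865 and the result codes those of RFC 4511.

```python
# RADIUS reply codes (RFC 2865) and LDAP result codes (RFC 4511).
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS = 0, 49

SCHEME = "{RADIUS}"


def radius_username(user_password):
    """Return the name after {RADIUS}, or None if the value uses another scheme."""
    if user_password[:len(SCHEME)].upper() != SCHEME:
        return None
    return user_password[len(SCHEME):] or None


def simple_bind(user_password, presented, send_access_request):
    """Model of a Simple Bind checked against a {RADIUS} userPassword value.

    send_access_request(username, password) stands in for the RADIUS round
    trip and returns the reply code. The bind carries one password and gets
    one result, so only Access-Accept can become success.
    """
    username = radius_username(user_password)
    if username is None:
        return LDAP_INVALID_CREDENTIALS
    reply = send_access_request(username, presented)
    if reply == ACCESS_ACCEPT:
        return LDAP_SUCCESS
    # Access-Challenge ends up here too: a Simple Bind has no message that
    # could carry the challenge back to the client or return its answer.
    return LDAP_INVALID_CREDENTIALS


# Constructed stand-ins for two kinds of RADIUS server (hypothetical data).
def one_shot_server(username, password):
    """Accepts PIN and token code sent together in the password field."""
    ok = (username, password) == ("jet@example", "1234987654")
    return ACCESS_ACCEPT if ok else ACCESS_REJECT


def challenge_server(username, password):
    """Answers a correct PIN with a challenge that needs a second message."""
    return ACCESS_CHALLENGE if password == "1234" else ACCESS_REJECT
```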