[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP authentication using Radius

To: Howard Chu <hyc@symas.com>
Subject: Re: LDAP authentication using Radius
From: Michael Ströder <michael@stroeder.com>
Date: Sat, 18 Aug 2012 15:10:54 +0200
Cc: openldap-technical@openldap.org
In-reply-to: <502AA938.5060303@symas.com>
References: <002601cd7a41$4cb89300$e629b900$@transniaga.co.th> <502AA938.5060303@symas.com>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120715 Firefox/14.0.1 SeaMonkey/2.11

Howard Chu wrote:
> JET JETASIK wrote:
>> I am investigating 2 factor authentication in which mostly they are radius
>> server actually.
>>
>> My problem is that most of my applications relying on LDAP auth only.
> 
> If by 2-factor authentication you mean some kind of challenge/response method,
> that will not work. The module has no way to relay the challenge back to the
> LDAP client, and the LDAP Simple Bind request doesn't support
> challenge/response type authentication.

IIRC the RADIUS service of RSA SecurID accepted the personal token PIN and the
OTP concantenated in a single RADIUS request. No need for extra challenge
response PDUs in this case. But it feels like 2-factor authc for the user.

Ciao, Michael.

References:
- LDAP authentication using Radius
  - From: "JET JETASIK" <jet@transniaga.co.th>
- Re: LDAP authentication using Radius
  - From: Howard Chu <hyc@symas.com>

Prev by Date: How to calculate maxsize for an MBD [was: 2.4.32: mdb stable enough?]
Next by Date: Re: How to calculate maxsize for an MDB [was: 2.4.32: mdb stable enough?]
Index(es):
- Chronological
- Thread