[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP gateway to RADIUS serverf

To: David R <ajrtin@hotmail.com>
Subject: Re: LDAP gateway to RADIUS serverf
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Mon, 8 Sep 2014 11:36:48 -0400 (EDT)
Cc: "openldap-technical@openldap.org" <openldap-technical@openldap.org>
In-reply-to: <DUB125-W725905D35115BF63D38EBDC5DE0@phx.gbl>
References: <DUB125-W725905D35115BF63D38EBDC5DE0@phx.gbl>
User-agent: Alpine 2.02 (SOC 1266 2009-07-14)

On Sun, 24 Aug 2014, David R wrote:

I have setup 2 factor authentication on a RADIUS server (OTP).
[...]
I have found some elements like pw-radius.so, but this is clearly not fully documented.
[...]
So I was wondering if one of you has ever implemented this kind of solution and how...

I use pw-radius.so for OTP. About the only part that you might have toread the source/ITS for is to learn that the scheme is "RADIUS". So anexample userPassword attribute could be "{RADIUS}otpusername" or similar.

Were you able to get started (i.e. as described incontrib/slapd-modules/passwd/README) with pw-radius.so? I realize there'sno man page, but there's also no moving parts to document, really. IMO:


1. find a suitable copy (BSD/Juniper-style IIRC) of libradius
2. get the "radtest" program that comes with libradius working
3. compile pw-radius.so against your now-working libradius
4. load same into slapd(8)
5. ldapmodify a userPassword; that should do it.

Prev by Date: Re: OpenLDAP self-signed certificates issue
Next by Date: Re: OpenLDAP self-signed certificates issue
Index(es):
- Chronological
- Thread