
PAM RADIUS + common name=user script

Posted: Wed May 17, 2017 1:51 pm
by tcaetano
I'm running OpenVPN 2.3.4 community edition.

We are using pam-radius in order to authenticate users with OTP. We are trying to pass a certification and we were asked if we could filter logins with certificates (for example, if I steal a user's phone and I get/know the PIN, I could get the OTP and connect with his user, but the server could be able to reject the connection since I don't have his client certificate).

I found this link (https://serverfault.com/questions/35885 ... in-openvpn) which allows matching the common name from the certificate with the username in order to allow the connection.

Is PAM authentication compatible with a script? Or can I change the PAM module in order to also use this script?
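
The check the post asks about, as an added example that is not part of the original post or the linked answer: a script that denies a login unless the supplied username equals the client certificate's common name. It assumes the script is hooked in with `auth-user-pass-verify <script> via-env`, so that OpenVPN exports `username`, `common_name` and `script_type` to it; the function name `cn_matches_user` is hypothetical.

```shell
#!/bin/sh
# Added example: bind the login username to the client certificate CN.
# Assumed hook (not from the post): auth-user-pass-verify <this script> via-env

# cn_matches_user USERNAME COMMON_NAME
# Returns 0 only when both values are non-empty and byte-for-byte identical.
cn_matches_user() {
    user=$1
    cn=$2
    # An empty value on either side must never count as a match,
    # otherwise a missing variable would compare equal to a missing one.
    if [ -z "$user" ] || [ -z "$cn" ]; then
        printf '%s\n' "deny: username or common_name is empty" >&2
        return 1
    fi
    # Exact comparison: no case folding, no trimming, no prefix match.
    if [ "$user" != "$cn" ]; then
        printf 'deny: username "%s" does not match certificate CN "%s"\n' \
            "$user" "$cn" >&2
        return 1
    fi
    return 0
}

# OpenVPN sets script_type before running any script. When it is present,
# act as the hook: a non-zero exit status makes OpenVPN refuse the login.
if [ -n "${script_type:-}" ]; then
    cn_matches_user "${username:-}" "${common_name:-}"
    exit $?
fi
```

With this check in place, a stolen OTP alone is not enough: the connecting client must also present the certificate issued for that same user name.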