Hi.
I would like our clients to authenticate using:
1. Certificate
2. username/password (LDAP)
3. Radius (for one time password)
Is this possible? Is there a good HOWTO on how to do this? Server is Ubuntu Lucid. I would prefer multiple prompts (for 2 and 3) rather than concatenating the passwords.
thank you
dan
Multi factor authentication
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
krzee
- Forum Team
- Posts: 728
- Joined: Fri Aug 29, 2008 5:42 pm
Re: Multi factor authentication
[07:23] <vpnHelper> krzie: "authpass" is (#1) please see --auth-user-pass-verify in the manual to learn how to force clients to use passwords in addition to certs, or (#2) or to ONLY use passwords (no certs, highly NOT recommended) also use --client-cert-not-required, or (#3) and if you want the login name to be used as the common-name for things like ccd entries, use --username-as-common-name
I am not sure if clients properly handle asking the user for passwords 2x, but if they do there is no reason your script could not prompt for it 2x.
if you do whip up some code for that, i would be interested in hearing how it goes.
I am not sure if clients properly handle asking the user for passwords 2x, but if they do there is no reason your script could not prompt for it 2x.
if you do whip up some code for that, i would be interested in hearing how it goes.