[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: patch files for pam_radius - adding an 'Always Prompt' option
From:       Alexander Clouter <alex () digriz ! org ! uk>
Date:       2011-06-30 15:51:36
Message-ID: 8liud8-rl9.ln1 () chipmunk ! wormnet ! eu
[Download RAW message or body]

Nick Owen <nowen@wikidsystems.com> wrote:
> 
> We recently had a customer that wanted to check a password against AD
> via kerberos and then an one-time passcode against a WiKID Strong
> Authentication server via radius.  We found that PAM passed the AD
> password to our OTP server, which failed.  We have added a pam option
> "always prompt" in the attached code.  This will force a "WiKID
> passcode:" prompt regardless of any previous password entry. This can
> be changed, of course.
>
Better to lead with the OTP as then you fend off brute force and 
dictionary attacks.

Cheers

-- 
Alexander Clouter
.sigmonster says: If you had any brains, you'd be dangerous.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

[prev in list] [next in list] [prev in thread] [next in thread]