[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: patch files for pam_radius - adding an 'Always Prompt' option
From: Alexander Clouter <alex () digriz ! org ! uk>
Date: 2011-06-30 15:51:36
Message-ID: 8liud8-rl9.ln1 () chipmunk ! wormnet ! eu
[Download RAW message or body]
Nick Owen <nowen@wikidsystems.com> wrote:
>
> We recently had a customer that wanted to check a password against AD
> via kerberos and then an one-time passcode against a WiKID Strong
> Authentication server via radius. We found that PAM passed the AD
> password to our OTP server, which failed. We have added a pam option
> "always prompt" in the attached code. This will force a "WiKID
> passcode:" prompt regardless of any previous password entry. This can
> be changed, of course.
>
Better to lead with the OTP as then you fend off brute force and
dictionary attacks.
Cheers
--
Alexander Clouter
.sigmonster says: If you had any brains, you'd be dangerous.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic