Re: [FW-1] Radius authentication with OTP (One time Password) support
Getting the Open Source radius server to work with fw1 has never been a problem. Works really well. The problem is getting the radius server to authenticate the user via some sort of OTP authentication. Both gnu-radius and freeradius support PAM, and freeradius supports EAP (Extensible Authentication Protocol), but I can't seem to get it to work properly.

For instance, I configured gnu-radius to authenticate through PAM which pointed to a pam_opie module. If I connect locally to the server using radauth, I see the radius server pass back the opie challenge. The connection still fails because radius still wants a username and pass up front. I could be missing something in the users file though.

Have you successfully implemented an Open Source radius server using OTP authentication?

Thanks for your input.

-Aaron

-----Original Message-----
From: Lars Troen [mailto:[email protected]]
Sent: Thursday, August 15, 2002 12:39 AM
To: [email protected]
Subject: Re: [FW-1] Radius authentication with OTP (One time Password) support

Aaron,

Do these free radius servers support other otp schemes than opie/skey? skey is supported natively in firewall-1. But using a calculator is of course a much better solution. Can you install token certs for e.g. activcard on one of these free servers? I know you can implement SecurID auth in ssh/openssh, but you still need the SecurID server.

I've tested several different RADIUS servers with firewall-1 and it's usually not too complicated getting them to communicate with firewall-1. Just make sure that you define both the internal and the licensed interface as radius clients on the radius server.

Lars

> -----Original Message-----
> From: <Aaron Reynolds> [mailto:[email protected]]
> Sent: Wednesday, August 14, 2002 22:22
> To: [email protected]
> Subject: [FW-1] Radius authentication with OTP (One time Password) support
>
> Has anyone successfully implemented a radius server for securemote
> authentication with OTP support? I have found a few commercial radius
> servers, but can't seem to figure out how to get it to work with an Open
> Source radius server. I have tested gnu-radius using PAM authentication
> which calls an OTP pam module, but it doesn't send the info back over the
> SecuRemote connection. Any input is greatly appreciated.
>
> -Aaron
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
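
The challenge-response round trip that RADIUS (RFC 2865) defines for one-time passwords, which is the exchange this thread is trying to get through SecuRemote, as an added example that is not part of the original messages and not code from gnu-radius, freeradius or FireWall-1. The shared secret, user name, OPIE-style prompt, State value and OTP answer are constructed sample values, and `server` is a stand-in that accepts one fixed answer instead of running a real OTP check.

```python
import hashlib, os, struct

REQUEST, ACCEPT, REJECT, CHALLENGE = 1, 2, 3, 11               # RFC 2865 packet codes
USER_NAME, USER_PASSWORD, REPLY_MESSAGE, STATE = 1, 2, 18, 24  # attribute types
SECRET = b"constructed-shared-secret"                          # constructed sample values
OTP_PROMPT, OTP_ANSWER = b"otp-md5 499 ke1234", b"SAMPLE SIX WORD OTP REPLY TEXT"

def crypt(data, auth, decrypt=False):  # RFC 2865 5.2 User-Password hiding
    out, prev = b"", auth
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        x = bytes(a ^ b for a, b in zip(block, hashlib.md5(SECRET + prev).digest()))
        out, prev = out + x, (block if decrypt else x)  # chain on the ciphertext block
    return out

def build(code, ident, auth, attrs):
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body

def parse(packet):
    code, ident, length = struct.unpack("!BBH", packet[:4])
    attrs, pos, end = {}, 20, min(length, len(packet))
    while pos + 2 <= end:
        t, l = packet[pos], packet[pos + 1]
        if l < 2 or pos + l > end:
            raise ValueError("malformed attribute")
        attrs[t], pos = packet[pos + 2:pos + l], pos + l
    return code, ident, packet[4:20], attrs

def server(packet):  # stand-in server: challenge first, then check the OTP
    _, ident, auth, attrs = parse(packet)
    code, out = CHALLENGE, [(REPLY_MESSAGE, OTP_PROMPT), (STATE, b"sess-1")]
    if STATE in attrs:  # second round: the client echoed our State
        otp = crypt(attrs[USER_PASSWORD], auth, decrypt=True).rstrip(b"\0")
        ok = attrs[STATE] == b"sess-1" and otp == OTP_ANSWER
        code, out = (ACCEPT if ok else REJECT), []
    reply = build(code, ident, auth, out)  # Response Authenticator = MD5(reply + secret)
    return reply[:4] + hashlib.md5(reply + SECRET).digest() + reply[20:]

def login(user, answer_for):  # client: placeholder password, then OTP plus State
    password, extra = b"", []
    for ident in (1, 2):
        auth = os.urandom(16)
        padded = password.ljust(-(-len(password) // 16) * 16 or 16, b"\0")
        attrs = [(USER_NAME, user), (USER_PASSWORD, crypt(padded, auth))] + extra
        code, _, _, reply = parse(server(build(REQUEST, ident, auth, attrs)))
        if code != CHALLENGE:
            return code
        password, extra = answer_for(reply[REPLY_MESSAGE]), [(STATE, reply[STATE])]
    return REJECT
```

The first Access-Request still carries a User-Name and a placeholder User-Password; the OTP answer travels in the User-Password of the second Access-Request, together with the State value echoed from the Access-Challenge.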