Ocserv 2FA Duo

[Nux!]

Nikos,

Would you be able to say whether Ocserv can ask for 2 passwords, say , if PAM asked it to?

-- 
Sent from my mobile device. Please excuse my brevity.

On 9 September 2016 07:12:07 BST, Nikos Mavrogiannopoulos <n.mavrogiannopoulos at gmail.com> wrote:
>On Thu, Sep 8, 2016 at 7:46 PM, Nux! <nux at li.nux.ro> wrote:
>> Hi,
>>
>> I am trying to enable 2FA using a local Radius server and a
>Duo-enabled[1] Radius server, but alas it seems I cannot mix same kind
>of authentication types.
>> "radius[config=/etc/radcli/radiusclient.conf,groupconfig=false]: You
>cannot mix multiple authentication methods of this type"
>
>Unfortunately that's a limitation, which looked reasonable initially,
>but now it looks like it should be reconsidered/lifted.
>
>> In fact I get the "cannot mix" error even if I mix auth of plain with
>radius or pam.
>> Any pointers as to what needs to be done to get this working?
>
>You can work-around it by setting up all your password auth methods
>over pam. That is, use radius over PAM, in addition to your primary
>auth password.
>
>regards,
>Nikos