how to make ocserv do totp 2FA?
Wang Jian
larkwang at gmail.com
Mon May 18 07:46:12 PDT 2015
Hi,
I am evaluating VPN with 2FA (w/ TOTP) supports inhouse.
Currently, we use openvpn to do static 2FA (w/ shared client certificate), but
it's not easy for hundreds of employee scale, and configuration file got leaked
easily (actually happened). So this time, we do want to use a solution with less
client setup effort.
OpenConnect server and client are good starting point, coz openconnect &
anyconnect clients all support 2FA.
Although multiple factor authentication support is available for
ocserv long ago,
I can't find docs about how to make static password + totp work for ocserv.Is it
possible?
Obviously, the current ocserv auth backends don't support such setup. But if I
can make client send username, password and 2nd password, I can hack a backend
to do password & totp code auth for inhouse use. Anyone can help me out?
Regards.
More information about the openconnect-devel
mailing list