Ocserv 2FA Duo
Nux!
nux at li.nux.ro
Tue Sep 20 09:18:24 PDT 2016
Thanks Nikos, will do.
I'll get back with details if I get it to work.
Lucian
--
Sent from the Delta quadrant using Borg technology!
Nux!
www.nux.ro
----- Original Message -----
> From: "Nikos Mavrogiannopoulos" <n.mavrogiannopoulos at gmail.com>
> To: "Nux!" <nux at li.nux.ro>
> Cc: "openconnect-devel" <openconnect-devel at lists.infradead.org>
> Sent: Tuesday, 20 September, 2016 17:16:32
> Subject: Re: Ocserv 2FA Duo
> On Fri, Sep 16, 2016 at 9:00 PM, Nux! <nux at li.nux.ro> wrote:
>> Nikos,
>>
>> When we enable Duo in our Cisco, Anyconnect client will ask 1. the local radius
>> pw as well as 2. the Duo token - as a second password.
>> The user inputs 2 passwords.
>> Do you see any reason why the above should not work with Ocserv?
>> Right now I have not managed to get the above to work, before I go and pester
>> Duo support, I want to make sure Ocserv is actually capable of it.
>
> Yes, ocserv can prompt any arbitrary amount of passwords. There are
> instructions to set up 2FA with OTP (with PAM or without it). Your
> particular 2FA case with Duo has not been tested by anyone as far as I
> know. Furthermore, I have no idea how Duo works; if it is with PAM, my
> suggestion would be:
> 1. Make a setup that works for normal login prompt
> 2. Use this setup for ocserv
>
> If something doesn't work in that case send the debugging output (-d 4 or so).
>
> regards,
> Nikos