ocserv and RADIUS two-factor challenges

Nikos Mavrogiannopoulos n.mavrogiannopoulos at gmail.com
Wed May 31 00:59:59 PDT 2017


On Tue, May 30, 2017 at 6:22 PM, Jarett DeAngelis <jarett at reticulum.us> wrote:
> Hi everyone,
>
> So, I'm trying to figure out whether or not I can use ocserv with two-factor authentication (specifically, with Centrify) at work. In my lab environment I have it running successfully with the ocserv RADIUS client pointed at Windows 2012 R2's NPS doing authentication. I don't have (and can't get) Centrify running in the lab, which means I can't test 2FA in the lab with it. So I'm trying to figure out how to "fake" 2FA with NPS, so that I can see whether or not ocserv will pop the challenge for the second factor up in the AnyConnect GUI and pass the response back through. I can't find any information specific to this in the OpenConnect server documentation. Anyone have ideas?

Hi, the best resource is the recipes:
http://www.infradead.org/ocserv/recipes.html

What type of 2FA do you use? ocserv supports 2FA, with 2 different
factors (e.g., a password and smart card, or a password and a Kerberos
ticket). If you have multiple passwords, the easiest way is through
PAM.

regards,
Nikos



More information about the openconnect-devel mailing list