<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 03/31/2015 05:30 PM, Andrew Holway
wrote:<br>
</div>
<blockquote
cite="mid:CAEiui-vLAAO8Ekkj5nh2NBrcVq2nmd5Gs_eVjDCFe78HvdoJFQ@mail.gmail.com"
type="cite">
<div dir="ltr">Hello FreeIPA people,
<div><br>
</div>
<div>I must say that FreeIPA v4 looks very pretty and I am
looking forward to trying out the new features.</div>
<div><br>
</div>
<div>I'm wondering what application and tools can be used to
authenticate with the OTP in freeipa. For instance, if we
wanted to set up a VPN that uses it how might we go about
that? Is there a common library that I should look out for?</div>
</div>
</blockquote>
<br>
With a VPN you usually do the following:<br>
a) Pick a VPN of your choice based on the features and needs you have<br>
b) Make sure the VPN server supports different authentication
methods. You need at least RADIUS, which is the most popular option,
and I would be surprised to find a VPN server that does not talk RADIUS
to actually do the authentication.<br>
c) Set up a freeRADIUS server on a Fedora 21/RHEL 7.1/CentOS 7.1 (when it
happens) box, configure it to do kinit authentication or pam
authentication via SSSD against IPA; see the freeRADIUS manuals for more
details<br>
d) Connect VPN server to the RADIUS server<br>
e) Provision tokens (or hook IPA to existing OTP solution using
another RADIUS server)<br>
f) Profit<br>
<br>
If you have an application that can use RADIUS in such a setup, you can
use FreeIPA 2FA.<br>
Also see <a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/Web_App_Authentication">http://www.freeipa.org/page/Web_App_Authentication</a> for how to
enable any web application to take advantage of the IPA
authentication including 2FA.<br>
<br>
<br>
<blockquote
cite="mid:CAEiui-vLAAO8Ekkj5nh2NBrcVq2nmd5Gs_eVjDCFe78HvdoJFQ@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
<div>Thanks,</div>
<div><br>
</div>
<div>Andrew</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<br>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.</pre>
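<p>Added example, not part of the original message or of FreeIPA/freeRADIUS code: a sketch of the RADIUS exchange behind step d), showing the Access-Request a VPN server sends and how the RADIUS server recovers the credential from the User-Password attribute (RFC 2865 section 5.2). The user name, shared secret and credential are constructed, and sending the password and OTP code as one concatenated value is an assumption about how both factors are submitted.</p>

```python
import hashlib
import os
import struct

def _keystream_xor(block, secret, prev):
    # b(i) = MD5(shared secret + previous cipher block), XORed with the data
    return bytes(x ^ y for x, y in zip(block, hashlib.md5(secret + prev).digest()))

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2 User-Password hiding, as done by the RADIUS client."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _keystream_xor(padded[i:i + 16], secret, prev)
        out += prev
    return out

def unhide_password(hidden, secret, authenticator):
    """Inverse operation, as done by the RADIUS server with the same secret."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        out += _keystream_xor(hidden[i:i + 16], secret, prev)
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(user, credential, secret, ident=1, authenticator=None):
    """Build the Access-Request (code 1) a VPN server sends for one login."""
    authenticator = authenticator or os.urandom(16)
    attrs = b""
    for atype, value in ((1, user.encode()),  # 1 = User-Name, 2 = User-Password
                         (2, hide_password(credential.encode(), secret, authenticator))):
        attrs += bytes([atype, len(value) + 2]) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Server side: validate framing, return (user, recovered credential)."""
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or length != len(packet):
        raise ValueError("not a well-formed Access-Request")
    authenticator, pos, found = packet[4:20], 20, {}
    while length - pos >= 2:
        alen = packet[pos + 1]
        if alen not in range(2, length - pos + 1):
            raise ValueError("bad attribute length")
        found[packet[pos]] = packet[pos + 2:pos + alen]
        pos += alen
    return found[1].decode(), unhide_password(found[2], secret, authenticator).decode()
```

Only the User-Password value is hidden, and its protection rests entirely on the shared secret configured on both the VPN server and the RADIUS server, so that secret should be long and random.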
</body>
</html>