[Freeipa-users] OTP integrations

Dmitri Pal dpal at redhat.com
Tue Mar 31 22:49:15 UTC 2015


On 03/31/2015 05:30 PM, Andrew Holway wrote:
> Hello FreeIPA people,
>
> I must say that FreeIPA v4 looks very pretty and I am looking forward 
> to trying out the new features.
>
> I'm wondering what applications and tools can be used to authenticate 
> with the OTP in freeipa. For instance, if we wanted to set up a VPN 
> that uses it how might we go about that? Is there a common library 
> that I should look out for?

With VPN you usually do the following:
a) Pick a VPN of your choice based on features and needs you have
b) Make sure the VPN server supports different authentication methods. 
You need at least RADIUS, which is the most popular option, and I would be 
surprised to find a VPN server that does not talk RADIUS to actually do the 
authentication.
c) Set up a freeRADIUS server on a Fedora 21/RHEL 7.1/CentOS 7.1 (when it 
happens) box, configure it to do kinit authentication or pam 
authentication via SSSD against IPA, see freeRADIUS manuals for more details
d) Connect VPN server to the RADIUS server
e) Provision tokens (or hook IPA to existing OTP solution using another 
RADIUS server)
f) Profit

If you have an application that can use RADIUS in such a setup, you can use 
FreeIPA 2FA.
Also see http://www.freeipa.org/page/Web_App_Authentication for how to 
enable any web application to take advantage of the IPA authentication 
including 2FA.


>
> Thanks,
>
> Andrew


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
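
Added example, not part of the original message and not FreeIPA or freeRADIUS code: a Python sketch of what an application or VPN server sends to the RADIUS server in steps (b) to (d), following RFC 2865, and the check it must make on the reply before trusting it. It assumes the user's password and token code travel concatenated in the single User-Password field; the function names, user and secret are hypothetical.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code and attribute types

def _xor_blocks(data: bytes, secret: bytes, authenticator: bytes, decrypt: bool) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        pad = hashlib.md5(secret + prev).digest()
        res = bytes(a ^ b for a, b in zip(block, pad))
        prev = block if decrypt else res  # the chain always runs over ciphertext
        out += res
    return out

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    padded = password + b"\x00" * (-len(password) % 16)  # pad to a multiple of 16
    return _xor_blocks(padded, secret, authenticator, decrypt=False)

def unhide_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    # Server side: recover the credential that is then handed to PAM or kinit.
    return _xor_blocks(hidden, secret, authenticator, decrypt=True).rstrip(b"\x00")

def build_access_request(user: str, credential: str, secret: bytes,
                         ident: int, authenticator: bytes = None) -> bytes:
    # credential is assumed to be password followed by the OTP code.
    authenticator = authenticator or os.urandom(16)  # must be unpredictable per request
    attrs = b""
    for atype, value in ((USER_NAME, user.encode()),
                         (USER_PASSWORD, hide_password(credential.encode(), secret, authenticator))):
        attrs += struct.pack("!BB", atype, len(value) + 2) + value
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def sign_reply(code: int, request: bytes, secret: bytes, attrs: bytes = b"") -> bytes:
    # Server side: Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret).
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def response_is_authentic(response: bytes, request: bytes, secret: bytes) -> bool:
    """Client side: reject replies with the wrong identifier or a bad Response Authenticator."""
    if len(response) < 20 or response[1] != request[1]:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])
```

The User-Password hiding is only as strong as the shared secret, so use a long random secret per RADIUS client and keep the VPN-to-RADIUS hop on a trusted network segment.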
