Hi,
Thanks for the details.
On Thu, Dec 22, 2016 at 11:40 AM, Gert Doering <g...@greenie.muc.de> wrote:
> We do not use challenge (static or dynamic) today, as we did not know
> that these exist when building the system - so the user enters
> his "token + PIN" as one string into the "Password:" field, and the
> Kobil RADIUS backend knows which bits are which
>
I see... We're already used to having separate prompts... A custom
totp pam-module
stacked on the usual pam auth modules is used for ssh and openvpn. For ssh
it prompts for the OTP after password. For openvpn, static challenge
protocol is used, so making auth-pam pick the password and pin apart and
then respond to the two pam prompts would help in this case.
It should be fairly easy to do, will take a look.
Dynamic challenge is a harder beast but required only if the challenge is
really dynamic; so far not so in our case.
Selva
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/intel
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
