Lisa:

I'm a bit confused by your questions too, but I think I can help as I have documented a lot of "how to use WiKID one-time passcodes with x" setups (http://www.wikidsystems.com/documentation/howtos/). Most should be applicable to whatever OTP system you are using.

If you are looking to validate a user against Active Directory as well as against a one-time password system, then I recommend that you use pam_radius pointed to Microsoft's radius server ISA. ISA (2003 or greater, IIRC) will validate that the user is in AD and then proxy the request to a radius server, and it is included in Server 2003. You can find some info here:

http://tinyurl.com/2cofys
http://www.wikidsystems.com/documentation/howtos/how-to-configure-the-microsoft-isa-server-to-support-two-factor-authentication-from-wikid/

For Apache, if you're sticking with radius, I suggest mod_auth_radius:
http://www.wikidsystems.com/documentation/howtos/how-to-add-two-factor-authentication-to-apache/

or mod_auth_xradius:
http://www.howtoforge.com/apache_radius_two_factor_authentication

Be warned that I had issues with versions of Apache later than Apache 2.2.2-10 and mod radius.

If your project is to create a custom PAM module, please let me know. We would love to have a WiKID PAM module to go with our open source server.

HTH,

Nick

lisa laam wrote:
> Hi,
>
> I have a trainee.
> - I have to write a module which should be able to authenticate users
> with username and password concatenated to OTP (One Time Password)
> rather than only password.
> - This module should be able to authenticate first the user within
> Active Directory and then validate the OTP.
> - The module that validates the OTP is a Servlet (JAVA module), and I
> should use it for OTP validation.
>
> - What I should implement is a proof of concept.
>
> - After studying the different AAA (radius, kerberos, ..) servers, I
> propose to use Freeradius to integrate this module for remote access
> (for a simple proof of concept). My choice was based on the fact that
> the Radius protocol is highly supported.
> - For web access I thought of writing a module (PAM module) for an Apache
> server. Your comment?
>
> - The first problem is that I have only two months left to implement one
> of the two solutions (Apache or Radius), so I should choose rapidly.
> Which of the two is easiest to implement?
> - The second problem is that this is the first time I deal with
> Freeradius, PAM, Apache.
>
> My questions are:
>
> 2- If I used Freeradius, then what would be easy and rapid to implement:
> a PAM module or using JRadius (I tried to install the JRadius patch, but
> didn't succeed)? Would you advise JRadius (I thought about JRadius
> because the OTP validation programme is written in JAVA)?
> 3- About PAM modules, I understand that we could use this independently
> from the Freeradius server. Is this true? Would it be easier and faster to
> implement a standalone PAM?
>
> Please, I need your advice. Help me to choose:
>
> - Freeradius + PAM or
> - Freeradius + JRadius or
> - Freeradius + what? or
> - Apache + PAM or
> - standalone PAM? or
> - what
>
> Thanks in advance
>
> Lisa
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

--
Nick Owen
WiKID Systems, Inc.
404.962.8983
http://www.wikidsystems.com
Commercial/Open Source Two-Factor Authentication
irc.freenode.net: #wikid
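
The check described in the quoted message (a password with the OTP appended, verified against the directory first and the OTP validator second), as an added example that is not part of the original thread. The 6-digit OTP length and the `check_directory` / `check_otp` callables are assumptions standing in for Active Directory and the OTP servlet.

```python
import hmac
from typing import Callable, Optional, Tuple

OTP_LEN = 6  # assumption: fixed-length numeric OTP appended to the password

Check = Callable[[str, str], bool]


def split_credential(secret: str, otp_len: int = OTP_LEN) -> Optional[Tuple[str, str]]:
    """Split 'password+OTP' into (password, otp); None if it cannot hold both."""
    if len(secret) <= otp_len:
        return None  # no room for a non-empty password
    password, otp = secret[:-otp_len], secret[-otp_len:]
    if not (otp.isascii() and otp.isdigit()):
        return None  # tail is not an OTP, reject before touching any backend
    return password, otp


def authenticate(user: str, secret: str, check_directory: Check, check_otp: Check) -> bool:
    """Directory first, then OTP; the caller only ever sees one pass/fail bit."""
    parts = split_credential(secret)
    if parts is None:
        return False
    password, otp = parts
    if not check_directory(user, password):
        return False  # OTP backend is never consulted for a bad password
    return bool(check_otp(user, otp))


# Constructed stand-ins for Active Directory and the OTP servlet (hypothetical).
_PASSWORDS = {"lisa": "hunter2"}
_CURRENT_OTP = {"lisa": "123456"}


def fake_directory(user: str, password: str) -> bool:
    expected = _PASSWORDS.get(user, "")
    return hmac.compare_digest(expected.encode(), password.encode())


def fake_otp(user: str, otp: str) -> bool:
    expected = _CURRENT_OTP.get(user, "")
    return hmac.compare_digest(expected.encode(), otp.encode())


if __name__ == "__main__":
    for attempt in ("hunter2123456", "hunter2000000", "wrong123456", "123456"):
        print(attempt, authenticate("lisa", attempt, fake_directory, fake_otp))
```

Returning a single boolean keeps the caller from learning which factor failed, and the same split-then-chain logic applies whether it ends up in a PAM module or behind a RADIUS server.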