[clug] 2 factor authentication in an era of smartphones

Matthew Oliver matt at oliver.net.au
Sun Dec 9 20:35:56 MST 2012

I've recently been playing with setting up OTP authentication on the test
environment at work using soft tokens (smart phone apps). And have it
working nicely with FreeRadius.

We are using LinOTP2, Google Authenticator, and FreeRadius to do VPN
authentication and to authenticate to our test networks' network devices.

I haven't got to the stage of pushing it to production but I can send you
my notes (redacted of course) if that interests you? Or I'll just blog it
so it benefits everyone. :)


On Mon, Dec 10, 2012 at 1:44 PM, jm <jeffm at ghostgun.com> wrote:

> Just a couple of things that may be relevant:
> 1) TOTP RFC 6238
> 2) Best known example on smart phones is Google Authenticator
> (http://code.google.com/p/google-authenticator/)
> There is also an open Challenge Response OTP (rfc6287), but I don't know
> of anyone implementing this. And also HOTP (rfc6238).
> TOTP hardware tokens are available cheaply which strangely makes the use
> of smart phone implementations more attractive. Simply due to the fact
> that if you have a user who doesn't have a smart phone you can still
> support them.
> Jeff.
> On 10/12/12 1:23 PM, Michael James wrote:
> > Dear CLUGers,
> >
> > Now that smartphones are ubiquitous
> >  it might be time to revisit 2 factor authentication.
> >
> > Instead of an RSA key-generating token just use
> >  an app to provide a One Time Password generator?
> >
> >
> > PS:  Security is an illusion caused by lack of imagination.
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux

More information about the linux mailing list