```
# user server type:hash:encoding:key:pin:udid client
# pin may be a number or a string (may be empty)
# udid is used only in motp mode and ignored in totp mode

# use sha1/base32 for Google Authenticator with a simple pin
Bob otp totp:sha1:base32:K7BYLIU5D2V33X6S:1234:xxx *

# use sha1/base32 for Google Authenticator with a strong pin
Alice otp totp:sha1:base32:46HV5FIYE33TKWYP:5uP3rH4x0r:xxx *

# use sha1/base32 for Google Authenticator without a pin
John otp totp:sha1:base32:LJYHR64TUI7I元RD::xxx *

Lucie otp hotp:sha1:base32::MT4GWEZTSRBV2QQC:xxx *

# use totp-60-6 and sha1/hex for hardware based 60 seconds / 6 digits tokens
# use text encoding for clients supporting plain text keys

# allow multiple tokens without a pin for a specific user
Hobbes otp totp:sha1:base32:LJYHR64TUI7I元RD::xxx *
Hobbes otp totp:sha1:base32:7VXNJAFPYYKO3ILO::xxx *
```

When users VPN in, they will need to provide their username and pin+current OTP number from the OTP token.

```
#LDAP (Active Directory Authentication) PLUGIN
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/nf
plugin /usr/local/lib/openvpn/openvpn-otp.so "password_is_cr=1 otp_secrets=/etc/openvpn/auth/otp-secrets"
```

If the static-challenge flag is set when the users VPN in, they will be asked for a username, a password and a pin+current OTP number from the OTP token. The prompt for the pin+current OTP number will be the first argument of the static-challenge option (the second argument controls whether the input is masked or shown in clear text when the user enters it). The input for both fields is combined and passed to both plug-ins as a specially formatted password.

If the static-challenge flag is set, passwords that are passed to plugins will have a special format. So plug-ins need to be signalled about this in their configuration.
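The specially formatted password mentioned above is what OpenVPN documents for static challenges: `SCRV1:`, then the base64 of the password, a colon, and the base64 of the challenge response. The sketch below is an added example, not code from this post or from either plugin; it builds and splits that string and shows what a plugin would check if it were not told to expect it. The function names and sample credentials are constructed for illustration.

```python
import base64
import binascii

PREFIX = "SCRV1"  # marker OpenVPN puts in front of a static-challenge password


def encode_static_challenge(password, response):
    """Client side: combine the password and challenge-response inputs."""
    def b64(s):
        return base64.b64encode(s.encode("utf-8")).decode("ascii")
    return f"{PREFIX}:{b64(password)}:{b64(response)}"


def split_static_challenge(wire):
    """Plugin side: return (password, response) or raise ValueError."""
    parts = wire.split(":")
    if len(parts) != 3 or parts[0] != PREFIX:
        raise ValueError("not an SCRV1 static-challenge password")
    try:
        password, response = (
            base64.b64decode(p, validate=True).decode("utf-8") for p in parts[1:]
        )
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed SCRV1 field") from exc
    return password, response


def value_checked_by_plugin(wire, kind, aware):
    """Hypothetical helper: the string a plugin would end up verifying.

    kind is "ldap" (directory password) or "otp" (pin+OTP); aware models
    whether the plugin was configured to expect the combined format.
    """
    if not aware:
        return wire  # the literal "SCRV1:..." string, which matches nothing
    password, response = split_static_challenge(wire)
    return password if kind == "ldap" else response


if __name__ == "__main__":
    # Constructed sample: a password containing ':' and pin 1234 + OTP 492039
    wire = encode_static_challenge("s3cret:pw", "1234492039")
    print(wire)
    print(value_checked_by_plugin(wire, "ldap", aware=True))
    print(value_checked_by_plugin(wire, "otp", aware=True))
    print(value_checked_by_plugin(wire, "otp", aware=False))
```

Because both fields are base64-encoded, a colon inside the user's password cannot break the three-part split, and anything that is not exactly three well-formed parts is rejected rather than guessed at.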