Jump to content

Recommended Posts

Posted

The current implementation of RADIUS only allows the use of tokens/passwords that do not require a challenge/response.  Currently, if a RADIUS Challenge message is sent to the portal, a Password Incorrect message is instead shown.

 

Example Scenario [RADIUS server setup to use SMS tokencodes]:

  1.  User enters their PIN and clicks Next
  2. PIN is sent to RADIUS server
  3. RADIUS server responds with Access-Challenge message
  4. Password portal prompts user for next token code (or whatever message is sent back with the Access-Challenge)
  5. User enters tokencode they received and clicks Next
  6. RADIUS server respondss with Access-Granted and authentication succeed

 

This is also useful in scenarios when using hardware/software tokens via RADIUS and a PIN rotation is enabled.  The portal would need to be able chain Access-Challenge responses as there may be more than one.

  • 2 months later...
  • 2 months later...
  • 2 months later...
Posted

I think we're after something similar, our RADIUS server is configured to send the user a PIN via SMS. We pointed Passwordstate to our RADIUS server and I received the PIN code on my phone, but Passwordstate didn't challenge me to enter the code to gain access.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...