rlm_smsotp

Synopsis

SMS One-time Password system.

This module will extend FreeRadius with a socks interface to create and validate One-Time-Passwords. The program that creates the socket and interacts with this module is not included here. The module does not check the User-Password; this should be done with the pap module. See the example below.

The module must be used in the authorize section to set Auth-Type properly. The first time through, the module is called in the authenticate section to authenticate the user password and to send the challenge. The second time through, it authenticates the response to the challenge. e.g.:

authorize {
    ...
    smsotp
    ...
}
authenticate {
    ...
    Auth-Type smsotp {
        pap
        smsotp
    }
    Auth-Type smsotp-reply {
        smsotp
    }
    ...
}

Processing Sections

Any.

Expansions

None.

Directives

challenge_message
Syntax

challenge_message = string

Default

Enter Mobile PIN:

Description

Defines the challenge message that will be send to the NAS.

challenge_type
Syntax

challenge_type = string

Default

smsotp-reply

Description

Defines the Auth-Type section that is run for the response to the challenge.

socket
Syntax

socket = string

Default

/var/run/smsotp_socket

Description

The location of the socket.

pool
Syntax

pool { …​ }

Description

A sub-section that manages connections to the database. See the pool documentation for more information.