rlm_smsotp

Synopsis

SMS One-time Password system.

This module will extend FreeRadius with a socks interface to create and validate One-Time-Passwords. The program that creates the socket and interacts with this module is not included here. The module does not check the User-Password; this should be done with the pap module. See the example below.

The module must be used in the authorize section to set Auth-Type properly. The first time through, the module is called in the authenticate section to authenticate the user password and to send the challenge. The second time through, it authenticates the response to the challenge. e.g.:

authorize {
    ...
    smsotp
    ...
}
authenticate {
    ...
    Auth-Type smsotp {
        pap
        smsotp
    }
    Auth-Type smsotp-reply {
        smsotp
    }
    ...
}

Processing Sections

Any.

Expansions

None.

Directives

challenge_message

Syntax: challenge_message = string
Default: Enter Mobile PIN:
Description: Defines the challenge message that will be send to the NAS.

challenge_type

Syntax: challenge_type = string
Default: smsotp-reply
Description: Defines the Auth-Type section that is run for the response to the challenge.

socket

Syntax: socket = string
Default: /var/run/smsotp_socket
Description: The location of the socket.

pool

Syntax: pool { … }
Description: A sub-section that manages connections to the database. See the pool documentation for more information.