freeradius - OTP
# vi /var/www/html/OTP/pam.php
<?php
echo “:-(”; //
file_put_contents(’/tmp/pam.txt’,date(’Y-m-d D H:i:s ‘).json_encode($_GET).”\n”,FILE_APPEND);
?>
#perl -MCPAN -e shell
- Create a new file ‘/etc/freeradius/sites-available/linotp’ with the following content:
authorize {
#normalizes maleformed client request before handed on to other modules (see '/etc/freeradius/modules/preprocess')
preprocess
# If you are using multiple kinds of realms, you probably
# want to set "ignore_null = yes" for all of them.
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#allows a list of realm (see '/etc/freeradius/modules/realm')
IPASS
#understands something like USER@REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
suffix
#understands USER\REALM and can tell the components apart (see '/etc/freeradius/modules/realm')
ntdomain
# Read the 'users' file to learn about special configuration which should be applied for
# certain users (see '/etc/freeradius/modules/files')
files
# allows to let authentification to expire (see '/etc/freeradius/modules/expiration')
expiration
# allows to define valid service-times (see '/etc/freeradius/modules/logintime')
logintime
# We got no radius_shortname_map!
pap
}
#here the linotp perl module is called for further processing
authenticate {
perl
}
ln -s ../sites-available/linotp /etc/freeradius/sites-enabled'
https://github.com/multiOTP/radius-class-php
http://wiki.freeradius.org/modules/Rlm_perl