Radius as Second Factor

Some proprietary, OTP-based second factor implementations expose a Radius server that allow an authenticating application (such as LemonLDAP::NG) to verify the validity of an OTP using the standard Radius protocol.

After choosing the Radius second factor type, the user is prompted with a code that will be checked against the Radius server.

This feature uses Authen::Radius. Before enable it, on Debian you must install it :

For CentOS/RHEL:

yum install perl-Authen-Radius

In Debian/Ubuntu, install the library through apt-get command

apt-get install libauthen-radius-perl

All parameters are configured in "General Parameters » Second factors » Mail second factor".

• Activation: Set to On to activate this module, or use a specific rule to select which users may use this type of second factor
• Server hostname: The hostname of the Radius server
• Shared secret: The secret key shared with the Radius server
• Session key containing login (Optional): When verifying the OTP code against the Radius server, use this attribute as the login and the OTP code as password. By default, the attribute designated as whatToTrace is used.
• Authentication timeout (Optional) :
• Authentication level (Optional): if you want to overwrite the value sent by your authentication module, you can define here the new authentication level. Example: 5
• Logo (Optional): logo file (in static/<skin> directory)
• Label (Optional): label that should be displayed to the user on the choice screen