summaryrefslogtreecommitdiffstats
path: root/raddb/mods-available/smsotp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 09:49:46 +0000
commit50b37d4a27d3295a29afca2286f1a5a086142cec (patch)
tree9212f763934ee090ef72d823f559f52ce387f268 /raddb/mods-available/smsotp
parentInitial commit. (diff)
downloadfreeradius-upstream/3.2.1+dfsg.tar.xz
freeradius-upstream/3.2.1+dfsg.zip
Adding upstream version 3.2.1+dfsg.upstream/3.2.1+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--raddb/mods-available/smsotp94
1 files changed, 94 insertions, 0 deletions
diff --git a/raddb/mods-available/smsotp b/raddb/mods-available/smsotp
new file mode 100644
index 0000000..3be32b8
--- /dev/null
+++ b/raddb/mods-available/smsotp
@@ -0,0 +1,94 @@
+# -*- text -*-
+#
+# $Id$
+
+# SMS One-time Password system.
+#
+# This module will extend FreeRadius with a socks interface to create and
+# validate One-Time-Passwords. The program for that creates the socket
+# and interacts with this module is not included here.
+#
+# The module does not check the User-Password, this should be done with
+# the "pap" module. See the example below.
+#
+# The module must be used in the "authorize" section to set
+# Auth-Type properly. The first time through, the module is called
+# in the "authenticate" section to authenticate the user password, and
+# to send the challenge. The second time through, it authenticates
+# the response to the challenge. e.g.:
+#
+# authorize {
+# ...
+# smsotp
+# ...
+# }
+#
+# authenticate {
+# ...
+# Auth-Type smsotp {
+# pap
+# smsotp
+# }
+#
+# Auth-Type smsotp-reply {
+# smsotp
+# }
+# ...
+# }
+#
+smsotp {
+ # The location of the socket.
+ socket = "/var/run/smsotp_socket"
+
+ # Defines the challenge message that will be send to the
+ # NAS. Default is "Enter Mobile PIN" }
+ challenge_message = "Enter Mobile PIN:"
+
+ # Defines the Auth-Type section that is run for the response to
+ # the challenge. Default is "smsotp-reply".
+ challenge_type = "smsotp-reply"
+
+ # Control how many sockets are used to talk to the SMSOTPd
+ #
+ pool {
+ # Number of connections to start
+ start = 5
+
+ # Minimum number of connections to keep open
+ min = 4
+
+ # Maximum number of connections
+ #
+ # If these connections are all in use and a new one
+ # is requested, the request will NOT get a connection.
+ max = 10
+
+ # Spare connections to be left idle
+ #
+ # NOTE: Idle connections WILL be closed if "idle_timeout"
+ # is set.
+ spare = 3
+
+ # Number of uses before the connection is closed
+ #
+ # 0 means "infinite"
+ uses = 0
+
+ # The lifetime (in seconds) of the connection
+ lifetime = 0
+
+ # idle timeout (in seconds). A connection which is
+ # unused for this length of time will be closed.
+ idle_timeout = 60
+
+ # NOTE: All configuration settings are enforced. If a
+ # connection is closed because of "idle_timeout",
+ # "uses", or "lifetime", then the total number of
+ # connections MAY fall below "min". When that
+ # happens, it will open a new connection. It will
+ # also log a WARNING message.
+ #
+ # The solution is to either lower the "min" connections,
+ # or increase lifetime/idle_timeout.
+ }
+}