How do I configure Tectia Server on Linux to authenticate users with a username and password followed by a one-time MobileID pin?
asked Sep 17 '10 at 11:57
Ville Laurikari ♦
One easy way to do this on Linux (and Unix) is by using Radius PAM. This is easy to configure, specially if your Linux distribution already has pam_radius support. The disadvantage of this approach is that, even though your radius server (in this case MobileId server) can be configured to authenticate accounts against LDAP or AD, it still requires that local accounts exist in the local machine.
That's it, you should now be able to authenticate to the server using keyboard-interactive authentication.
The keyboard-interactive submethod on the server will then use Radius to authenticate against the MobileID server using password and then provide the challenge using an SMS one-time PIN. Login will be allowed upon successful authentication of both the password and PIN.
answered Sep 28 '10 at 12:55
Starting from Tectia Server 6.1.X you can configure Tectia server to use submethod-radius and you don't need to use PAM. Example Tectia Server radius authentication configuration:
answered Oct 21 '11 at 09:36