
Using WiKID Strong Authentication with OpenVPN

How to configure OpenVPN to use WiKID Strong Authentication

These instructions will help you use WiKID Strong Authentication with OpenVPN on Linux.

  • Configure your Linux box via PAM to use TACACS+ and WiKID for SSH authentication, or use PAM RADIUS.
  • Install OpenVPN according to their excellent howto

  • Configure the server side to use an alternate authentication method by adding this line to the server.conf file (verify the location of openvpn-auth-pam.so):

    plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so openvpn
    
    If you want to drop the requirement for client certificates, add the following as well:
    client-cert-not-required
    username-as-common-name
    
  • Then, on the client, require the user to enter a password by adding this line to client.conf or client.ovpn:

    auth-user-pass
    

    If you drop the requirement for client certificates on the server, you should also comment them out on the client:

    #cert client.crt
    #key client.key
    

    Now you need to create the /etc/pam.d/openvpn file. It should only need two lines, one for authentication and one for account:

    auth       sufficient   /lib/security/pam_radius_auth.so debug
    account    sufficient    /lib/security/pam_radius_auth.so
    

That is it!
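
To check that the pieces above line up (plugin path, PAM service name, the /etc/pam.d file and its module paths), the following audit script can be run. It is an added example, not part of the original how-to and not WiKID or OpenVPN code; the function names audit_openvpn_pam and make_sample and the temp-dir sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not WiKID or OpenVPN code. Prints findings and returns the
# number of FAIL lines (0 means the files agree with the steps above).
audit_openvpn_pam() {
    local conf="$1" pam_dir="${2:-/etc/pam.d}" fails=0 line so svc kind ctl mod rest
    has() { grep -Eq "^[[:space:]]*$1([[:space:]]|\$)" "$2"; }  # uncommented directive
    fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
    # Server side: plugin <path>/openvpn-auth-pam.so <pam-service>
    line=$(grep -E '^[[:space:]]*plugin[[:space:]].*openvpn-auth-pam\.so' "$conf" | head -n 1)
    set -- $line; so="${2:-}"; svc="${3:-}"
    if [ -z "$so" ]; then fail "no openvpn-auth-pam.so plugin line in $conf"; return "$fails"; fi
    [ -f "$so" ] || fail "plugin not found at $so"
    if [ -z "$svc" ]; then fail "plugin line names no PAM service"; return "$fails"; fi
    # PAM side: the service file must exist and carry auth and account lines.
    if [ ! -f "$pam_dir/$svc" ]; then fail "missing $pam_dir/$svc"; return "$fails"; fi
    for kind in auth account; do
        has "$kind" "$pam_dir/$svc" || fail "no '$kind' line in $pam_dir/$svc"
    done
    # Absolute module paths vary by distro (/lib, /lib64, ...), so check them.
    while read -r kind ctl mod rest; do
        case "$kind" in auth|account) ;; *) continue ;; esac
        case "$mod" in /*) [ -f "$mod" ] || fail "PAM module not found: $mod" ;; esac
    done < "$pam_dir/$svc"
    grep -Eq 'pam_radius_auth\.so.*[[:space:]]debug' "$pam_dir/$svc" &&
        echo "WARN: pam_radius_auth 'debug' is on (extra syslog output)"
    # Without client certs the PAM login is the only client credential.
    # OpenVPN 2.4+ spells this option 'verify-client-cert none'.
    if has client-cert-not-required "$conf"; then
        echo "WARN: client certificates are not required"
        has username-as-common-name "$conf" || echo "WARN: username-as-common-name missing"
    fi
    return "$fails"
}

# Constructed sample tree under a temp dir (empty stand-in .so files).
make_sample() {
    d=$(mktemp -d); mkdir -p "$d/pam.d"
    : > "$d/openvpn-auth-pam.so"; : > "$d/pam_radius_auth.so"
    printf 'plugin %s openvpn\nclient-cert-not-required\nusername-as-common-name\n' \
        "$d/openvpn-auth-pam.so" > "$d/server.conf"
    printf 'auth sufficient %s debug\naccount sufficient %s\n' \
        "$d/pam_radius_auth.so" "$d/pam_radius_auth.so" > "$d/pam.d/openvpn"
    echo "$d"
}

d=$(make_sample); audit_openvpn_pam "$d/server.conf" "$d/pam.d"
echo "FAIL count: $?"; rm -rf "$d"
```

On a real server, call audit_openvpn_pam with the path to your server.conf; the PAM directory defaults to /etc/pam.d.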

The WiKID Strong Authentication System is a very reasonably priced two-factor authentication solution. We invite you to learn more about our technology and architecture and to download and test the Enterprise version.