================================================================================
MODIFYING freeradiussettings.xml
================================================================================

Note: this file only defines the GUI checkbox. Reading the resulting
varotpantireplay setting and enforcing the once-only rule in the OTP
authentication code is a separate change that this page does not cover.

LOCATION
--------

Find the existing OTP section with:

$ grep -n "varotpenable" freeradiussettings.xml

You will find a <field> block like this:

<field>
    <fielddescr>Enable mOTP</fielddescr>
    <fieldname>varotpenable</fieldname>
    ...
</field>

ADD the new block AFTER this field's closing </field> and BEFORE the next <field>.
The new block must not land inside the mOTP field, otherwise the file is no
longer well-formed.

XML BLOCK TO INSERT
-------------------

Copy and paste this block exactly:

<field>
    <fielddescr>Enable OTP Anti-Replay Protection</fielddescr>
    <fieldname>varotpantireplay</fieldname>
    <description>
        <![CDATA[
        Enable anti-replay protection for OTP authentication (Google Authenticator and mOTP).<br/>
        <span class="text-info">When enabled, each OTP code can only be used once within its validity window (90 seconds).</span><br/>
        <span class="text-warning">This provides RFC 6238 compliance and prevents replay attacks where an intercepted code could be reused.</span><br/>
        <span class="text-info">(Default: unchecked - disabled for backward compatibility)</span>
        ]]>
    </description>
    <type>checkbox</type>
    <default_value></default_value>
</field>

EXPECTED RESULT
---------------

After the change, the section should look like this:

...
<field>
    <fielddescr>Enable mOTP</fielddescr>
    <fieldname>varotpenable</fieldname>
    <description>
        <![CDATA[
        Check this to enable mOTP / Google Authenticator authentication for users.<br/>
        ...existing description...
        ]]>
    </description>
    <type>checkbox</type>
    <enablefields>...</enablefields>
</field>
<field>
    <fielddescr>Enable OTP Anti-Replay Protection</fielddescr>
    <fieldname>varotpantireplay</fieldname>
    <description>
        <![CDATA[
        Enable anti-replay protection for OTP authentication (Google Authenticator and mOTP).<br/>
        <span class="text-info">When enabled, each OTP code can only be used once within its validity window (90 seconds).</span><br/>
        <span class="text-warning">This provides RFC 6238 compliance and prevents replay attacks where an intercepted code could be reused.</span><br/>
        <span class="text-info">(Default: unchecked - disabled for backward compatibility)</span>
        ]]>
    </description>
    <type>checkbox</type>
    <default_value></default_value>
</field>
... (other fields) ...

SED COMMAND TO AUTOMATE
-----------------------

# Backup first
cp freeradiussettings.xml freeradiussettings.xml.bak

# A sed one-liner is awkward here: the insert spans many lines and contains
# a CDATA section, so quoting and escaping get error-prone.
# Editing the file manually with nano/vim is recommended.

# Check after editing (the new field, with its description, should be printed)
grep -A5 "varotpantireplay" freeradiussettings.xml

XML VALIDATION
--------------

After editing, check that the XML is still well-formed:

$ xmllint --noout freeradiussettings.xml

No output = OK (xmllint --noout prints nothing for a well-formed document).
An error = check the tags (every <field> closed, the new block not nested
inside the previous one) and the CDATA delimiters (<![CDATA[ ... ]]>).

Note that without --valid this only checks well-formedness; it does not check
the field against the package DTD.
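The page recommends inserting the block by hand because a sed one-liner is awkward for a multi-line CDATA insert. The script below is an added example written for this page, not code from the page or from the FreeRADIUS package: it performs the same insertion in Python on the raw text (re-serialising through an XML library would turn the CDATA sections into escaped text), skips the edit if varotpantireplay is already present, refuses to write a result that does not parse, and checks that the new field sits directly after varotpenable. It assumes python3 is available where you run it (on the firewall or on a workstation before copying the file back), takes the file path as its only argument (default: freeradiussettings.xml in the current directory, as on the page), and the SAMPLE_XML document is a constructed stand-in for the relevant part of the real file, not a copy of it.

```python
"""Insert the varotpantireplay <field> after the varotpenable field in
freeradiussettings.xml (idempotent, result checked for well-formedness)."""
import shutil
import sys
import xml.etree.ElementTree as ET

ANCHOR_FIELD = "varotpenable"
NEW_FIELD = "varotpantireplay"

# The block from this page, indented relative to its own <field> line.
NEW_FIELD_BLOCK = """<field>
\t<fielddescr>Enable OTP Anti-Replay Protection</fielddescr>
\t<fieldname>varotpantireplay</fieldname>
\t<description>
\t\t<![CDATA[
\t\tEnable anti-replay protection for OTP authentication (Google Authenticator and mOTP).<br/>
\t\t<span class="text-info">When enabled, each OTP code can only be used once within its validity window (90 seconds).</span><br/>
\t\t<span class="text-warning">This provides RFC 6238 compliance and prevents replay attacks where an intercepted code could be reused.</span><br/>
\t\t<span class="text-info">(Default: unchecked - disabled for backward compatibility)</span>
\t\t]]>
\t</description>
\t<type>checkbox</type>
\t<default_value></default_value>
</field>"""

# Constructed stand-in for the relevant part of freeradiussettings.xml
# (not the real file), used to try the script offline.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8" ?>
<packagegui>
\t<fields>
\t\t<field>
\t\t\t<fielddescr>Enable mOTP</fielddescr>
\t\t\t<fieldname>varotpenable</fieldname>
\t\t\t<description><![CDATA[Check this to enable mOTP / Google Authenticator authentication for users.<br/>]]></description>
\t\t\t<type>checkbox</type>
\t\t\t<enablefields>varotpinitsecret</enablefields>
\t\t</field>
\t\t<field>
\t\t\t<fieldname>varotpinitsecret</fieldname>
\t\t</field>
\t</fields>
</packagegui>
"""

def field_names(xml_text):
    """Return the <fieldname> values in document order; ET.fromstring raises
    ParseError if the document is not well-formed, which is the check we want."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [f.findtext("fieldname") for f in root.iter("field")]

def insert_after_field(xml_text, anchor, block):
    """Insert `block` on the line after the </field> that closes the <field>
    named `anchor`. Done on the raw text on purpose: re-serialising through
    ElementTree would turn the CDATA sections into escaped text."""
    name_tag = f"<fieldname>{anchor}</fieldname>"
    pos = xml_text.find(name_tag)
    if pos == -1:
        raise ValueError(f"{name_tag} not found")
    close = xml_text.find("</field>", pos)   # <field> elements do not nest
    if close == -1:
        raise ValueError(f"<field> {anchor} is never closed")
    line_start = xml_text.rfind("\n", 0, close) + 1
    indent = xml_text[line_start:close]      # reuse the anchor's indentation
    if indent.strip():
        indent = ""
    indented = "".join(indent + line + "\n" for line in block.splitlines())
    nl = xml_text.find("\n", close)
    if nl == -1:
        return xml_text + "\n" + indented
    return xml_text[:nl + 1] + indented + xml_text[nl + 1:]

def add_antireplay_field(xml_text):
    """Return (new_text, changed). No-op if the field is already there; the
    result must parse and the new field must directly follow the anchor."""
    if f"<fieldname>{NEW_FIELD}</fieldname>" in xml_text:
        return xml_text, False
    updated = insert_after_field(xml_text, ANCHOR_FIELD, NEW_FIELD_BLOCK)
    names = field_names(updated)
    if names.index(NEW_FIELD) != names.index(ANCHOR_FIELD) + 1:
        raise RuntimeError("new field did not land directly after the anchor")
    return updated, True

def main(argv):
    path = argv[1] if len(argv) > 1 else "freeradiussettings.xml"
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    updated, changed = add_antireplay_field(original)
    if not changed:
        print(f"{path}: {NEW_FIELD} already present, nothing to do")
        return 0
    shutil.copyfile(path, path + ".bak")     # same backup the page makes with cp
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(updated)
    print(f"{path}: inserted {NEW_FIELD} after {ANCHOR_FIELD} (backup: {path}.bak)")
    return 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python3 add_antireplay_field.py /path/to/freeradiussettings.xml`; the .bak copy is written only when the file actually changes. The parse in field_names is a well-formedness check of the same kind as `xmllint --noout`, with one difference worth knowing: ElementTree rejects undeclared named entities such as &nbsp; outside CDATA, which xmllint tolerates when a DOCTYPE is present. Since the descriptions in these package files wrap their HTML in CDATA, this normally does not matter, and running xmllint afterwards, as the page does, remains the final word.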