Project

General

Profile

Actions

Feature #10377

open

Allow usage of TOTP (Google-Authenticator) without PIN

Added by Andreas Heckmann over 4 years ago. Updated 13 days ago.

Status:
New
Priority:
Very Low
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
03/26/2020
Due date:
% Done:

0%

Estimated time:
Plus Target Version:

Description

Currently it is not possible to create a radius user with TOTP enabled without entering an additional pin.
So to authentiate as that user, you have to enter the minimum 4 digit pin + 6 digit TOTP as password.

For scenarios like "openvpn ssl/tls with userauth", it would be much more user friendly to only use the TOTP without an additional pin.
First factor ist the cert, second factor the totp-secret from the phone.

So it would be nice to allow an empty entry for the pin on the create/modify-user page if totp (Google Authenticator) mode is used
and to modify the totp-check to handle the case when no password is set.

Actions

Also available in: Atom PDF