| Chetan Gaonker | 7f4bf74 | 2016-05-04 15:56:08 -0700 | [diff] [blame] | 1 | # -*- text -*- |
| 2 | # |
| 3 | # $Id: 3be32b85f56a84725fe1a6bf508e459dbe6c4e02 $ |
| 4 | |
| 5 | # SMS One-time Password system. |
| 6 | # |
| 7 | # This module will extend FreeRadius with a socks interface to create and |
| 8 | # validate One-Time-Passwords. The program for that creates the socket |
| 9 | # and interacts with this module is not included here. |
| 10 | # |
| 11 | # The module does not check the User-Password, this should be done with |
| 12 | # the "pap" module. See the example below. |
| 13 | # |
| 14 | # The module must be used in the "authorize" section to set |
| 15 | # Auth-Type properly. The first time through, the module is called |
| 16 | # in the "authenticate" section to authenticate the user password, and |
| 17 | # to send the challenge. The second time through, it authenticates |
| 18 | # the response to the challenge. e.g.: |
| 19 | # |
| 20 | # authorize { |
| 21 | # ... |
| 22 | # smsotp |
| 23 | # ... |
| 24 | # } |
| 25 | # |
| 26 | # authenticate { |
| 27 | # ... |
| 28 | # Auth-Type smsotp { |
| 29 | # pap |
| 30 | # smsotp |
| 31 | # } |
| 32 | # |
| 33 | # Auth-Type smsotp-reply { |
| 34 | # smsotp |
| 35 | # } |
| 36 | # ... |
| 37 | # } |
| 38 | # |
| 39 | smsotp { |
| 40 | # The location of the socket. |
| 41 | socket = "/var/run/smsotp_socket" |
| 42 | |
| 43 | # Defines the challenge message that will be send to the |
| 44 | # NAS. Default is "Enter Mobile PIN" } |
| 45 | challenge_message = "Enter Mobile PIN:" |
| 46 | |
| 47 | # Defines the Auth-Type section that is run for the response to |
| 48 | # the challenge. Default is "smsotp-reply". |
| 49 | challenge_type = "smsotp-reply" |
| 50 | |
| 51 | # Control how many sockets are used to talk to the SMSOTPd |
| 52 | # |
| 53 | pool { |
| 54 | # Number of connections to start |
| 55 | start = 5 |
| 56 | |
| 57 | # Minimum number of connections to keep open |
| 58 | min = 4 |
| 59 | |
| 60 | # Maximum number of connections |
| 61 | # |
| 62 | # If these connections are all in use and a new one |
| 63 | # is requested, the request will NOT get a connection. |
| 64 | max = 10 |
| 65 | |
| 66 | # Spare connections to be left idle |
| 67 | # |
| 68 | # NOTE: Idle connections WILL be closed if "idle_timeout" |
| 69 | # is set. |
| 70 | spare = 3 |
| 71 | |
| 72 | # Number of uses before the connection is closed |
| 73 | # |
| 74 | # 0 means "infinite" |
| 75 | uses = 0 |
| 76 | |
| 77 | # The lifetime (in seconds) of the connection |
| 78 | lifetime = 0 |
| 79 | |
| 80 | # idle timeout (in seconds). A connection which is |
| 81 | # unused for this length of time will be closed. |
| 82 | idle_timeout = 60 |
| 83 | |
| 84 | # NOTE: All configuration settings are enforced. If a |
| 85 | # connection is closed because of "idle_timeout", |
| 86 | # "uses", or "lifetime", then the total number of |
| 87 | # connections MAY fall below "min". When that |
| 88 | # happens, it will open a new connection. It will |
| 89 | # also log a WARNING message. |
| 90 | # |
| 91 | # The solution is to either lower the "min" connections, |
| 92 | # or increase lifetime/idle_timeout. |
| 93 | } |
| 94 | } |