Configuring SSH To Use Freeradius And WiKID For Two-Factor Authentication

RADIUS is a great standard. It is powerful enough to accomplish a great deal and simple enough to be easy to handle. Freeradius is an excellent open source RADIUS server that ships with many Linux variants. It is well documented and well supported. The WiKID Strong Authentication server is a commercial/open source two-factor authentication system that uses public key encryption to transmit PINs and one-time passcodes securely to software tokens running on Blackberries, cell phones, Palms, PocketPCs or, using the J2SE client, Linux, Macs and Windows PCs. You can think of WiKID as being like certificates, but without the hassles of white lists/black lists, and more secure because the PIN is validated on the server, which prevents offline brute-force attacks.

Companies that need to meet requirements, such as PCI-DSS or HIPAA, may need to secure their networks with two-factor authentication and tightly controlled access. Combining Freeradius and WiKID is a highly cost-effective way to accomplish that.

In this example, I am installing Freeradius on Fedora Core 7 and running the 3.0RC2 rpms of WiKID on CentOS 5 (however, the same instructions will work for the 2.0 version of WiKID). We'll be testing with SSH, but the same setup should work for Apache, WebDAV, OpenVPN, and any other application that supports PAM.


