This document describes how to add WiKID two-factor authentication to Apache 2.2.x using mod_auth_radius on Ubuntu 8.1. A previous article described how to add two-factor authentication to Apache on Fedora. Interestingly, a patch has been created to update mod_auth_radius to work with Apache 2.2+; however, it has only been updated for Debian and Ubuntu. For Fedora and other RedHat flavors of Linux, it is recommended that you use mod_auth_xradius.

It is also recommended that you consider using mutual https authentication for web applications that are worthy of two-factor authentication. Strong mutual authentication means that the targeted website is authenticated to the user in some cryptographically secure manner, thwarting most man-in-the-middle attacks. While some sites use an image in an attempt to validate a server, it should be noted that any man-in-the-middle could simply replay such an image. The WiKID software token performs mutual authentication by retrieving a hash of the website's SSL certificate from the WiKID server and comparing it with a hash of the downloaded SSL certificate. If the two match, the token will launch the default browser to the target site for the user. If they don't match, an error will be displayed, much like SSH. To configure mutual authentication for web applications, see this tutorial.

Here's how it will work: when the user clicks on a two-factor protected link, they will be prompted for a username and password. The user generates the one-time passcode on their WiKID token and enters it into the password prompt. Apache will route the username and one-time password to the WiKID server via mod_auth_radius. If the username and one-time password match what WiKID expects, the server will tell Apache to grant access.

First, we add Apache to the WiKID Strong Authentication Server as a network client, then add radius to Apache. I assume you already have a WiKID domain and users set up. So, start by adding a new Radius network client to the WiKID server for your web server:

Log into WiKID server web interface (.
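
The hop from Apache to the WiKID server described above is a RADIUS Access-Request, in which the one-time password is hidden with a secret shared between the two sides (RFC 2865, section 5.2). The following is an added example, not code from this page, mod_auth_radius or WiKID: it builds such a request on the client side and recovers the passcode on the server side. The shared secret, username, passcode and the `server_accepts` helper are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, USER_NAME, USER_PASSWORD = 1, 1, 2  # RFC 2865 code / attribute types
# Constructed sample values (not from the page): shared secret, user, six-digit OTP.
SECRET, USER, OTP = b"example-shared-secret", b"alice", b"482913"

def _keystream_xor(data, secret, authenticator, encrypt):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous ciphertext block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        mixed = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        out, prev = out + mixed, (mixed if encrypt else block)
    return out

def build_access_request(ident, username, otp, secret, authenticator=None):
    """Client side (the role mod_auth_radius plays): pack username and hidden OTP."""
    if not username or not 1 <= len(otp) <= 128:
        raise ValueError("username required; OTP must be 1..128 bytes")
    authenticator = os.urandom(16) if authenticator is None else authenticator
    padded = otp + b"\x00" * (-len(otp) % 16)
    hidden = _keystream_xor(padded, secret, authenticator, encrypt=True)
    attrs = b"".join(struct.pack("!BB", t, len(v) + 2) + v
                     for t, v in ((USER_NAME, username), (USER_PASSWORD, hidden)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + authenticator + attrs

def parse_access_request(packet, secret):
    """Server side: validate framing, then recover (username, otp)."""
    code, _ident, length = struct.unpack("!BBH", packet[:4].ljust(4, b"\x00"))
    if code != ACCESS_REQUEST or length != len(packet) or length < 20:
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        attrs[packet[pos]] = packet[pos + 2:pos + packet[pos + 1]]
        pos += packet[pos + 1]
    hidden = attrs.get(USER_PASSWORD, b"")
    if USER_NAME not in attrs or not hidden or len(hidden) % 16:
        raise ValueError("missing User-Name or malformed User-Password")
    otp = _keystream_xor(hidden, secret, packet[4:20], encrypt=False).rstrip(b"\x00")
    return attrs[USER_NAME], otp

def server_accepts(packet, secret, expected_otps):
    """Hypothetical stand-in for the server's OTP check (constant-time compare)."""
    user, otp = parse_access_request(packet, secret)
    return hmac.compare_digest(otp, expected_otps.get(user, b""))
```

A secret that differs between the web server and the network client entry makes the server recover a garbled passcode, so every login is rejected even when the user typed the correct one.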