Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- policy {
- # Change to a specific prefix if you want to deal with normal PAP authentication as well as OTP
- # e.g. "multiotp_prefix = 'otp:'"
- multiotp_prefix = ''
- multiotp.authorize {
- # This test force multiOTP for any MS-CHAP(v2) attempt
- if (control:Auth-Type == MS-CHAP) {
- update control {
- Auth-Type := multiotpmschap
- }
- }
- # This test force multiOTP for any MS-CHAP(v2) attempt
- elsif (control:Auth-Type == mschap) {
- update control {
- Auth-Type := multiotpmschap
- }
- }
- # This test force multiOTP for any CHAP attempt
- elsif (control:Auth-Type == chap) {
- update control {
- Auth-Type := multiotp
- }
- }
- # This test is for decimal OTP code only, otherwise you will have to change it
- # elsif (!control:Auth-Type && User-Password =~ /^${policy.multiotp_prefix}([0-9]{10})$/) {
- #
- # Use this simple test for non decimal only OTP code: elsif (!control:Auth-Type) {
- #
- # This test force multiOTP for any other attempt like PAP
- elsif (!control:Auth-Type) {
- update control {
- Auth-Type := multiotp
- }
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
