Advertisement
Guest User

multiotp-policy

a guest
Jul 23rd, 2018
133
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. policy {
  2. # Change to a specific prefix if you want to deal with normal PAP authentication as well as OTP
  3. # e.g. "multiotp_prefix = 'otp:'"
  4. multiotp_prefix = ''
  5. multiotp.authorize {
  6. # This test force multiOTP for any MS-CHAP(v2) attempt
  7. if (control:Auth-Type == MS-CHAP) {
  8. update control {
  9. Auth-Type := multiotpmschap
  10. }
  11. }
  12. # This test force multiOTP for any MS-CHAP(v2) attempt
  13. elsif (control:Auth-Type == mschap) {
  14. update control {
  15. Auth-Type := multiotpmschap
  16. }
  17. }
  18. # This test force multiOTP for any CHAP attempt
  19. elsif (control:Auth-Type == chap) {
  20. update control {
  21. Auth-Type := multiotp
  22. }
  23. }
  24. # This test is for decimal OTP code only, otherwise you will have to change it
  25. # elsif (!control:Auth-Type && User-Password =~ /^${policy.multiotp_prefix}([0-9]{10})$/) {
  26. #
  27. # Use this simple test for non decimal only OTP code: elsif (!control:Auth-Type) {
  28. #
  29. # This test force multiOTP for any other attempt like PAP
  30. elsif (!control:Auth-Type) {
  31. update control {
  32. Auth-Type := multiotp
  33. }
  34. }
  35. }
  36. }
Advertisement
RAW Paste Data Copied
Advertisement