Project

General

Profile

Radius Mode

This menu is for setting the default authentication mode for the radius clients if that option isn't set on a per client basis.
All these modes checks the user to key binding, and can be configured to do Auto Provisioning of that binding.

┌────────────────────────────────────────────────────────────────────────────┐
│                   MODE on xx (Version 2.x.x build xxxx)                    │
└────────────────────────────────────────────────────────────────────────────┘

┌─┬──────────────────────────────────────────────────────────────────────────┐
│1│View Radius Mode                                                          │
│2│Set Challenge/Response Mode                                               │
│3│Set Concatenated Mode                                                     │
│4│Set Secondary Auth Mode                                                   │
└─┴──────────────────────────────────────────────────────────────────────────┘

Move the cursor or enter a it's corresponding number (Q to Quit)              

Main> Modules> Radius> Settings> Mode>

1. View Radius Mode

This allows you to see the currently configured default mode.

2. Challenge/Response Mode.

This mode requires that the user login via a Challenge/Response enabled radius client, first by the normal username/passwords credentials of the respective backend. If that authentication is successful then we challenge the user to press the yubikey, if that OTP is successfully validated then the user will be accepted.

3. Concatenated Mode.

This mode can be used with radius clients that does not support challenge/response and it requires the user to supply his/hers username and password+OTP, the username and password is validated against the respective backend, if that is successful we will validate the OTP, and if that is also successful we will send the accept.

4. Secondary auth Mode.

In this mode we only the OTP, this is typically used when you add the yubikeys as a secondary auth if you have an exsisting authorization/authentication that you dont want to chain, for instance a Cisco ASA that authenticates with a AD.