Support of Two Factor auth in absence of OIDC

KMuriki · February 6, 2020, 10:41pm

I’m trying to configure our OOD instance to use the same two factor authentication service (LinOTP + Radius + SSH/PAM) that our users use for SSH’ing into our cluster. We do not have a fully functional OIDC setup so I cannot use something like Keycloak as suggested in the documentation. Instead I’m trying to get it working using mod_intercept_form_submit + mod_authnz_pam (https://www.adelton.com/apache/mod_intercept_form_submit/).

Anyone with experience trying similar options with their OOD installation ? Please let me know we can share notes.

Thanks,
Krishna.

jeff.ohrstrom · March 26, 2020, 2:33pm

Maybe @tdockendorf can shed some light on this request?

tdockendorf · March 26, 2020, 2:58pm

Sorry, I have no experience with mod_intercept_form. If the authentication can be performed via SSSD based logins via SSH and the OTP step can be setup to autopush or require no input from the user, there is the possibility of using Keycloak’s SSSD integration.

Topic		Replies	Views
Nicer auth interface for PAM authentication? Get Help question	5	350	December 6, 2022
Has anyone used OOD with KeyCloak to set up 2FA to AD + Radius Get Help question	4	649	May 26, 2022
OOD 2.0.27 and Rocky Linux 8.6 authentications and beyond Get Help doc-request	6	540	February 4, 2023
XDMoD and OOD questions Get Help	4	552	May 26, 2022
Duo implementation without keycloak Get Help question	5	731	May 26, 2022

Support of Two Factor auth in absence of OIDC

Related topics