I want to construct a 2 factor authentication system using freeRADIUS for proxy and privacyIDEA for authentication in server. I read some documents about freeRADIUS and privacyIDEA, and find that rlm_rest module could be helpful for this. I find this document in privacyIDEA webside: http://privacyidea.readthedocs.io/en/master/application_plugins/rlm_rest.html#rlm-rest
and it just show how to install rlm_rest module in Ubuntu using apt-get, but my server is CentOS 7. So my first question is:
How to install the required packages of rlm_rest module in CentOS?
After that ,the document shows the configuration steps:
The authentication type needs to be configured in the /etc/freeradius/users file:
DEFAULT Auth-Type := rest
and the site configuration should invoke the module as follows:
authenticate {
Auth-Type rest {
rest
}
digest
unix
}
And I don`t know where I should invoke the “authenticate {…}”module? Does it should be write in /etc/freeradius/users ? This is my second question.
Could you please give me some advice or some references? Any help will be appreciate.
The authenticate section goes to your site configuration.
Also on CentOS this would be located in /etc/raddb/sites-enabled, which is linked to sites-available.
You should consider using the rlm_perl module, since this is more flexible.
http://privacyidea.readthedocs.io/en/master/application_plugins/rlm_perl.html#rlm-perl