Want to highlight a helpful answer? Upvote!
Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >
Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >
Im currently looking for a solution to make my mac VPN server support 2 factor quthentication. Anyone got ideas?
Preferbly something open source or cheap as I am a small company.
Mac mini, OS X Server
Anybody? There must be a way to add 2FA to OS X Server VPN.
Any ideas?
They offer pam.d integration. Looks to be free for <=10 users. No personal affiliation and no personal experience with the product (yet -- coming soon.)
Arguably using a username/password and the pre-shared-key counts (just about) as two factors but I would agree this is generally regarded as inadequate. The next step up normally is to use an SSL certificate and again the username/password however Apple's VPN server does not support using certificates. I have successfully setup StrongSwan5 in a Linux VM and connected it via LDAP to Open Directory and been able to do SSL certificate authentication and username/password to Open Directory accounts. StrongSwan uses a PAM to do the LDAP authentication.
If you want to use something like a hardware token then most of these will require using commercial solutions as they require support at both the client end and the server end, e.g. RSA SecurID.
Have a look at this https://developers.yubico.com/yubico-pam/ it implements a PAM module that can authenticate users using a Yubikey, see also https://www.yubico.com/products/yubikey-hardware/ in theory you could use this with Strongswan.
Please let me know if you have good success with Duo.
I've been looking at setting this up with OneLogin.
2 Factor Authentication?
