Apple Event: May 7th at 7 am PT
Im currently looking for a solution to make my mac VPN server support 2 factor quthentication. Anyone got ideas?
Preferbly something open source or cheap as I am a small company.
Mac mini, OS X Server
Anybody? There must be a way to add 2FA to OS X Server VPN.
Any ideas?
They offer pam.d integration. Looks to be free for <=10 users. No personal affiliation and no personal experience with the product (yet -- coming soon.)
Arguably using a username/password and the pre-shared-key counts (just about) as two factors but I would agree this is generally regarded as inadequate. The next step up normally is to use an SSL certificate and again the username/password however Apple's VPN server does not support using certificates. I have successfully setup StrongSwan5 in a Linux VM and connected it via LDAP to Open Directory and been able to do SSL certificate authentication and username/password to Open Directory accounts. StrongSwan uses a PAM to do the LDAP authentication.
If you want to use something like a hardware token then most of these will require using commercial solutions as they require support at both the client end and the server end, e.g. RSA SecurID.
Have a look at this https://developers.yubico.com/yubico-pam/ it implements a PAM module that can authenticate users using a Yubikey, see also https://www.yubico.com/products/yubikey-hardware/ in theory you could use this with Strongswan.
Please let me know if you have good success with Duo.
I've been looking at setting this up with OneLogin.
2 Factor Authentication?
