You are here: Home → Documentation & Support → How Tos → Using WiKID Strong Authentication with OpenVPN

Key Links: > Buy WiKID Online
> Test the Client
> Test the Server
> Read the WiKID Blog
> Chat with us on #wikid
> Contact Us

Feeds and Bookmarks: Digg this!; Del.ico.us; Google; Yahoo bookmarks; Reddit; Spurl; Simpy

Contact Us: WiKID Systems, Inc.
1375 Peachtree St.
Suite 600
Atlanta, Ga. 30309
866-244-1876
irc.freenode.net: #wikid

Using WiKID Strong Authentication with OpenVPN

How to configure OpenVPN to use WiKID Strong Authentication

These instructions will help you use WiKID Strong Authentication withOpenVPN on Linux.

Configure your Linux box via PAM to use TACACS+ and WiKID for SSH Authentication.or PAM RADIUS
Install OpenVPN according to their excellent howto

You will want to configure the server side to use an alternate authentication method, just add this to server.conf file (verify the location of openvpn-auth-pam.so):

plugin /usr/share/openvpn/plugin/lib/openvpn-auth-pam.so openvpn

client-cert-not-required
username-as-common-name

Then, on the client, specify that the user enter a password by adding this to the client.conf or client.opvn:

auth-user-pass

If you drop the requirement for client certificates on the server, you should also comment them out on the client:

#cert client.crt
#key client.key

Now you need to create the /etc/pam.d/openvpn file. It should only need two lines, one for authentication and one for account:

auth       sufficient   /lib/security/pam_radius_auth.so debug
account    sufficient    /lib/security/pam_radius_auth.so

That is it!

Recent Changes: Download Two-Factor Authentication Information & White Papers Jan 05, 2009; How to configure Apache to use Radius for Two-factor Authentication on Ubuntu Dec 31, 2008; Using FreeNX to secure Terminal Services and VNC with two-factor authentication Dec 30, 2008; Re:TACACS+ - The good and the bad Dec 26, 2008; Re:TACACS+ - The good and the bad Dec 25, 2008; All recent changes…