Using MFA for Radius
MFA can also be used with Radius authentication. To activate MFA for Radius:
Prerequisite: Admin and users have the QR code, have installed the Kron PAM mobile app and scanned the QR code with it, and MFA is enabled for the user group that will be using MFA for Radius connections.
- Establish an SSH connection to Kron PAM as the pamuser user
- Edit the sc_radiusd.conf file with the command below:

    vi /etc/raddb/sc_radiusd.conf

Check the configuration file to see whether the parameter below is already configured. If not, add it. If there is a hash (#) sign in front of the parameter, delete the hash (#) sign to activate the parameter. If the parameter value is false, change it to true. (Default value is true)

    sc_otp_enabled=true

To type or add anything in the vi editor, first press the Insert key on the keyboard, then type in the necessary line. Press Esc to exit typing mode. To save the file, press Esc, then colon (:), then type in "wq!", and press Enter. If you don't want to save the changes to the file, press Esc, then colon (:), then type in "q!", and press Enter.

The system message shown when the OTP login screen comes up can be changed in the sc_radiusd.conf file. Default message:

    sc_otp_message="Single Connect - Please Enter OTP:"

A service restart is required for the change in the configuration file to take effect:

    systemctl restart pam-radius.service
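
The edit described above can also be audited and applied without opening vi. The script below is an added example, not part of the Kron PAM documentation; it assumes the file holds one key=value setting per line with # marking a commented-out line, and the function names otp_state and ensure_otp_enabled are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit and enforce sc_otp_enabled in sc_radiusd.conf.
# Assumption: one key=value setting per line, "#" comments a line out.

# Print the effective state: the active value (lowercased), "commented" or "missing".
otp_state() {
    local conf=$1 active
    # Assumption: if the key appears more than once, the last active line wins.
    active=$(grep -E '^[[:space:]]*sc_otp_enabled[[:space:]]*=' "$conf" | tail -n 1)
    if [ -n "$active" ]; then
        printf '%s\n' "$active" |
            sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//; s/^"(.*)"$/\1/' |
            tr '[:upper:]' '[:lower:]'
    elif grep -Eq '^[[:space:]]*#[[:space:]]*sc_otp_enabled[[:space:]]*=' "$conf"; then
        echo commented
    else
        echo missing
    fi
}

# Make sc_otp_enabled=true the active setting. Idempotent; keeps FILE.bak.
ensure_otp_enabled() {
    local conf=$1 state
    state=$(otp_state "$conf")
    if [ "$state" = true ]; then return 0; fi
    cp -p "$conf" "$conf.bak"
    if [ "$state" = missing ]; then
        # Terminate an unfinished last line before appending.
        if [ -n "$(tail -c 1 "$conf")" ]; then echo >> "$conf"; fi
        printf 'sc_otp_enabled=true\n' >> "$conf"
    else
        # Uncomment and/or flip every sc_otp_enabled line, reading from the backup.
        sed -E 's/^[[:space:]]*#?[[:space:]]*sc_otp_enabled[[:space:]]*=.*/sc_otp_enabled=true/' \
            "$conf.bak" > "$conf"
    fi
}

# Stand-alone run: audit the given file, or demonstrate on a constructed sample.
# After ensure_otp_enabled changes the real file, restart pam-radius.service.
if [ "$#" -gt 0 ]; then
    otp_state "$1"
else
    sample=$(mktemp)   # constructed sample, not a real Kron PAM file
    printf '%s\n' '#sc_otp_enabled=false' \
        'sc_otp_message="Single Connect - Please Enter OTP:"' > "$sample"
    otp_state "$sample"; ensure_otp_enabled "$sample"; otp_state "$sample"
    rm -f "$sample" "$sample.bak"
fi
```

Run with the path to sc_radiusd.conf as the only argument to print the current state without changing the file.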