[stunnel-users] One Time Password for https two factor authentication

Michal Trojnara Michal.Trojnara at mirt.net
Sat Oct 31 00:37:21 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Martin,

As far as I understood your description what you need is additional
authentication of web application sessions, rather than authentication
of individual TLS connections.

I guess you need a specialized reverse HTTP(S) proxy.  Stunnel is a
generic TCP/TLS proxy.  It has no understanding of HTTP and web
applications.

Best regards,
	Mike

On 29.10.2015 21:11, hamburg-barmbek at gmx.de wrote:
> at the moment we’re using a https-Wrapper-Service in our 
> firewall-appliance to manage restricted access to some of our
> websites. For two factor authentication we’re using privacyIDEA as
> radius server. Most of our users/employees are using for one time
> password generation the "Google Authenticator" App. Some are using
> "Feitian C-200" (but I do not like the C-200, because I do not know
> how to program a new seed by myself). Both generators are based on
> the quite simple TOTP Algorithm 
> (https://tools.ietf.org/html/rfc6238). The https-password is a 
> combination of a fixed password directly followed by the TOTP
> password.
> 
> Because we want to change the firewall-appliance, we have to find a
> new solution. Is it possible (or is it a planned feature for the
> near future) to handle authentication in stunnel with radius? Or
> even better/simpler, is TOTP supported by stunnel? I wasn't able to
> find anything like this in the documentation.
> 
> Regards, Martin
> 
> 
> 
> 
> _______________________________________________ stunnel-users
> mailing list stunnel-users at stunnel.org 
> https://www.stunnel.org/cgi-bin/mailman/listinfo/stunnel-users
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJWM/8xAAoJEC78f/DUFuAUuLAQAKiUHGo3l+FZi8xcEm/8Il1A
Ht9CLNXlrKRRtrbRPNK3GloTaMtcPWvYl18UXvk3X0wBIC9ADLUU0RsBCxwJpqNC
uaxoBS8mlxVz7vuSygKuSIIajQElY/zQD8r5LecOCxlM1sQqflplMwu7by1X3nK5
1kxoy9wbt/JARFLcZG3tBd2m3nJEBh6VBD4q4L9yYwU92LrpoDlP47TZg+clMz/w
8sNgQj6TG3srhF1k6kHM7Ggi3/y4oJIcyF1PhDFROKLN6Sx1LukqcO3JDLTqfiF7
6OBQPCsOE4iXN0Urt0ldnOKivdikLHYUPCdAM/YUhafCagD4Lq6XDqIjZFcfxCNo
TYayROXZJPQPOvDvsLF9tM//luQrEV36UHjqWAvSl9l3cyZj3TqqSvyl+dh1VMke
0ru8vcaFsnoYDufGFOJG1byVj2jsnjTuYmD7Dwr+pocfjwIvbRXuh5+ayOZaUHGt
iEbreZar+x4Ok/yDY9DRCSjYgBIu5dcQNTSr7TvD/PcngdPV2QIAI1IwnuJzKPGx
zQBm1BoghDN0EWvDRXA6HbsyuiB0ecTIRAuHA8acM0kYQyXLoan7wpwAL7bhNyoR
3vj6pc1lypMdkgv5ke9aRIsQxxIX6PVJq7j66Z77sM2I6CnuoW4YXH9tqGIvawBx
WSOxj81HY+x6+bwLYVtf
=KtpX
-----END PGP SIGNATURE-----



More information about the stunnel-users mailing list