tac_plus‐ng: MFA support

Push-based Multi-factor authentications is supported for all tac_plus-ng authentication methods (both TACACS+ and RADIUS). MFA requires a suitable MAVIS backend to be configured.

MFA can be enabled on a per-user basis, like

user ... {
    ...
    mfa = yes # or 'no', or 'mfa acl = ...'
    ...
}

or at realm level:

mfa = yes # or 'no', or 'mfa acl = ...'

Also, this can be part of a TACPROFILE set by MAVIS.

The distribution comes with at trivial MFA mock-up MAVIS module to demonstrate MFA functionality: mavis_tacplus-ng-demo-mfa.pl

In production, a multi-threaded MAVIS backend (suggestion: radmavis-mt) should be used.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tac_plus‐ng: MFA support

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally