Dear Community,
the Web Application Firewall uses mod_authnz_aua.so for the query of users and Passwords.
mod_authnz_aua.so caches the password (until livetime expires ) of the user when the reverse authentication feature is used.
It prevents the usage of OTP served by an external RADIUS: The same user is not able to use his actual OTP against the reverse authentication feature within the livetime of the session in the WAF.
( If he wants to work he needs to use the OTP from the initial login the whole time of possible re-logins. It's against the pilosophy of OTP - one Password ist used not only one time. )
How is it possible to get OTP working when it is served by external radius Servers and used for reverse authentication in the WAF ?
Regards,
Karsten Laskowski
Guest User!
You are not Sophos Staff.
