Yubico Forum
https://forum.yubico.com/

Opensource Yubiradius alternatives
https://forum.yubico.com/viewtopic.php?f=29&t=1305
Page 1 of 1

Author:  Neal [ Wed Jan 29, 2014 5:55 pm ]
Post subject:  Opensource Yubiradius alternatives

Hi All,

I have just woken up to the fact that YubiRadius has been discontinued. While I have no problems with YubiRadius I'd rather move over to something which is still being developed/maintained if possible.

So are there any viable open source replacements for Radius & Yubikey & AD authentication? Looking through the companies mentioned in their post there are several good looking commercial options but not much for the open source purist/cheapskate:
  • LinOTP has a community edition however only their Enterprise edition supports Active Directory
  • RCDevs OpenOTP system sounds like it would work but is only free for under 35 users, above that you need to contact them for pricing details.
  • Mike Clark's Yubidus looks like it never really got started (post from 2009 saying it would be out in a few weeks and the Google code repository for it has been removed)
  • Sun's OpenSSO software is listed as free open source however the links are dead and searching for it leads to a $85/user page so not sure if there is an open source edition?
  • and the Yubiradius and Radius on Premise systems have been discontinued.

Are there any other open source alternatives that are worth considering? Are enough people using YubiX as a replacement that these forums would be an effective way of supporting each other (although I can't see a YubiX forum section so assume not)? Or are most people sticking with YubiRadius for now?

Cheers,
Neal.

Author:  foxzilla [ Mon Feb 03, 2014 8:04 pm ]
Post subject:  Re: Opensource Yubiradius alternatives

I'm currently using YubiRADIUS. I'd be interested to try YubiX but I simply can't find any documentation for it. In fact, I can't even figure out whether it's something like the YubiRADIUS (works out of the box as a RADIUS OTP validator) or just a platform to develop our own stuff. :geek:

Author:  agizmo [ Thu Aug 28, 2014 4:46 pm ]
Post subject:  Re: Opensource Yubiradius alternatives

I have some great news. LinOTP open sourced all of their software components back in May with release 2.7. You can now use AD as your user database and there's no limit to the number of tokens created. The challenge you will now face is actually building a server. The open source version of LinOTP requires you to setup freeradius and LinOTP manually. I went through the setup this week and found a few gaps in the documentation, but ultimately got the two services talking to each other.

At the end of last year I was demoing the Enterprise Edition of LinOTP to see what it would take to get migrated off YubiRadius. During the time of my demo LSE added support for YubiCo's authentication algorithm, importing keys from the Personalization tool, and allowing auto assignments of YubiKeys. LSE was also able to add a feature request from me which populated the description field of the token view to list the key's public ID (similar to how YubiRadius lists keys). That helped me keep track of what keys were assigned to users.

Between demoing the Enterprise Edition last year and being able to build my own open source edition this week, I feel more confident in moving off of YubiRadius. With LinOTP I automatically gain support for other two-factor tokens, including time based OATH tokens like Google Authenticator. I'm looking at Google Authenticator as a method for allowing users to connect their phones & tablets to VPN. When Yubico ended support for YubiRadius they also stopped development on the YubiApp IOS/Android applications. IOS7 broke the app last year and YubiCo never officially released the Android version in the Play store. Now I think I can finally provide an alternative.

Author:  GRS [ Fri Sep 12, 2014 4:53 am ]
Post subject:  Re: Opensource Yubiradius alternatives

If you are looking for a YubiRADIUS alternative or replacement, give GreenRADIUS a try. (As of November 2013, Yubico has ceased developing and supporting YubiRADIUS.) All of the same features YubiRADIUS employed are included in GreenRADIUS with additional enhancements such as:

- Hardening
- Two-factor authentication for the administrator login
- Updated Ubuntu OS

GreenRADIUS is the next generation of YubiRADIUS and was developed by the same team that is now a part of Green Rocket Security, a Yubico enterprise partner. GreenRADIUS is fully supported, will be kept current, and has a roadmap for further enhancements.

See the comparison summary file detailing the key differences between GreenRADIUS and YubiRADIUS.

Page 1 of 1 All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/