Token2 TOTPRadius provides the RADIUS RFC-2865 for TOTP RFC-6238 based authentication. With TOTPRadius you can integrate a large variety of third-party products and systems with multi-factor authentication. A number of enterprise products and services like VPNs, Citrix XenApp/XenDesktop, VMWare View and many others provide support for RADIUS servers to validate second factor of user authentications. In addition to standard RADIUS protocol, you can also benefit from Web API or ready CMS Plugins that operate over RESTful API.
TOTPRadius supports OTP-only authentication based on RFC-2865 algorithm (TOTP: Time-Based One-Time Password Algorithm), LDAP authentication as well as LDAP+TOTP combined authentication. It provides a web based administration panel and an HTTPS REST based API service designed to enable users' self-enrollment.
TOTPRadius also allows enabling two-factor authenticaton with systems supporting single authentication source only. This is done by enabling LDAP component of the appliance - users will supply their regular passwords together with one-time passwords, TOTPRadius will split the password into two parts and validate OTP part locally and send the regular password to a LDAP server (e.g. an Active Directory controller); so, basically, acting as an LDAP proxy. You can view TOTPRadius web based administration panel screenshots here.
The main advantage of TOTPRadius is the RESTFul API that allows users to self-enroll with their software tokens such as Google Authenticator and Token2 Mobile OTP. An example of such an integration is self-enrollment mechanism with Citrix Netscaler/StoreFront. The integration can be done by installing our Storefront integration package and adding a new RADIUS authentication server on the Netscaler. It usually takes not more than five minutes to implement. Refer to Citrix integration manual for more details.
TOTPRadius is deployed as a software-based virtual appliance that run on two hypervisors: VMWare ESXi and Microsoft Hyper-V. Upon request, virtual appliances for other hypervisors can be provided. It is free to use with up to 5 users. You need to obtain a license to increase the number of allowed users.
VM Version: 11
Zipped OVA file
Configuration version: 8.0*
Zipped VM Folder
Important! If you decided to use TOTPRadius in production, make sure you have changed the default passwords. The password of the web administration user (admin:totpradius), can be (and has to be) changed via the web interface. Additionally, unless SSH access to the appliance is fully restricted (which is our recommendation, i.e. using a perimeter firewall etc.) you may want to change the password of the Ubuntu user following the instructions below:
1. Log in to your server with SSH. User (and default password): totpradius
2. Enter the command: passwd
3. Type your password, then press Enter.
4. When prompted for your current UNIX password, enter your SSH password, then press Enter.
5. Retype your new password and press enter. If successful, you will see the output: passwd: all authentication tokens updated successfully