EAP-OTP ================ .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is Expansion of EAP-OTP?** EAP-OTP stands for Extensible Authentication Protocol - One-Time Password. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is EAP-OTP?** EAP-OTP is an authentication protocol that uses a one-time password mechanism for secure authentication of a client to a server. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is EAP-OTP useful?** * Provides additional security by using passwords that expire after a single use. * Mitigates risks of password reuse and replay attacks. * Easy to implement with hardware or software token generators. * Useful for two-factor authentication scenarios. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How it works?** * Client generates or receives a one-time password (OTP). * OTP is sent to the authentication server during the EAP exchange. * Server verifies OTP validity. * Authentication succeeds if OTP is valid and unused. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is EAP-OTP used?** * Enterprise wireless networks as an additional authentication method. * VPN authentication. * Systems requiring two-factor authentication. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does this protocol belong to?** * Application Layer (Layer 7) of the OSI model. * Operates within the EAP framework carried over network layers. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-OTP Windows specific?** * No, it is platform-independent. * Supported through various third-party supplicants on Windows. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-OTP Linux specific?** * No, it is supported on Linux via `wpa_supplicant` and other tools. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Transport Protocol is used by EAP-OTP?** * Runs over EAP, commonly encapsulated over: * EAPOL (Ethernet) * RADIUS (UDP) .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which Port is used by EAP-OTP?** * RADIUS authentication: UDP port 1812 .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-OTP using Client server model?** * Yes. * Client (supplicant) sends OTP to Authentication Server for verification. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Whether EAP-OTP protocol uses certificates?** * No, EAP-OTP typically relies on shared secrets and OTP generation rather than certificates. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How many frame exchanges are seen during connection for EAP-OTP protocol?** * Typically 4–6 EAP message exchanges depending on the implementation. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Whether EAP-OTP protocol uses client certificates?** * No, client certificates are not used. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Whether EAP-OTP protocol uses server certificates?** * No, server certificates are generally not used. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-OTP protocol dependent on TCP?** * No, EAP-OTP is transport agnostic and mostly used over UDP (RADIUS). .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Is EAP-OTP protocol dependent on UDP?** * Yes, commonly used over UDP via RADIUS. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What are the roles involved when testing EAP-OTP protocol?** * Supplicant (client) * Authenticator (e.g., Access Point) * Authentication Server (e.g., FreeRADIUS) .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-OTP protocol work with FreeRADIUS server on Linux?** * Yes, FreeRADIUS supports EAP-OTP with proper configuration. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Does EAP-OTP protocol work with Internal radius server of hostapd?** * Support depends on the version; many internal RADIUS servers have limited EAP-OTP support. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the RFC version used for EAP-OTP protocol?** * RFC 4794 .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **During connection procedure which EAPOL packets are encrypted?** * EAPOL packets themselves are generally not encrypted. * OTP is sent securely via RADIUS or other protected transport. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Can you explain different stages of connection procedure for EAP-OTP protocol?** * Client sends EAP identity request. * Server requests OTP from client. * Client sends generated OTP. * Server verifies OTP. * Server sends EAP Success or Failure. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is the final output of connection procedure?** * Authentication success or failure based on OTP verification. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`EAP_OTP Version&IEEE Details ` * :ref:`EAP_OTP FreeRadius Basic Setup on Ubuntu (2 Machines) ` * :ref:`EAP_OTP FreeRadius Basic Setup on Ubuntu (3 Machines) ` * :ref:`EAP_OTP Internal Radius Server Basic Setup on Ubuntu (2 Machines) ` * :ref:`EAP_OTP Protocol Packet Details ` * :ref:`EAP_OTP Usecases ` * :ref:`EAP_OTP Basic Features ` * :ref:`Reference links ` .. _EAP_OTP_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _EAP_OTP_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _EAP_OTP_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _EAP_OTP_step5: .. tab-set:: .. tab-item:: EAP_OTP Version&RFC Details * rfc details .. _EAP_OTP_step18: .. tab-set:: .. tab-item:: EAP_OTP FreeRadius Basic Setup on Ubuntu (2 Machines) * setup .. _EAP_OTP_step19: .. tab-set:: .. tab-item:: EAP_OTP FreeRadius Basic Setup on Ubuntu (3 Machines) * setup .. _EAP_OTP_step20: .. tab-set:: .. tab-item:: Internal Radius Server Basic Setup on Ubuntu (2 Machines) * setup .. _EAP_OTP_step6: .. tab-set:: .. tab-item:: EAP_OTP Protocol Packet Details * packet details .. _EAP_OTP_step7: .. tab-set:: .. tab-item:: EAP_OTP Usecases * usecases .. _EAP_OTP_step8: .. tab-set:: .. tab-item:: EAP_OTP Basic Features * features .. _EAP_OTP_step17: .. tab-set:: .. tab-item:: Reference links * Reference links