
I am currently designing our new internal IT services, including IAM and e-mail. We currently use more or less no IAM or single sign-on solution. We have a WordPress-based website and a postfix + dovecot based mail server with a separate MySQL user database; we currently rely on local users everywhere.

I would like to change that and implement an IAM solution. I am heading towards Active Directory, as it has some great capabilities and makes it easy to support almost anything, including Linux OS-level accounts.

For MS Active Directory, we would like to use a combination of a small static password per user (4-8 characters) + a Google Authenticator one-time password of 6 numeric characters.

I was wondering if anybody has implemented something like that and what would be the best way forward. I can think of two possible directions: one is to use software such as AuthLite, the second is to implement FreeRADIUS integrated with Google Authenticator through PAM and configure Active Directory to use this external FreeRADIUS server to authenticate against. Does anybody know how to achieve the latter?

Mark

0 Answers