Project

General

Profile

Actions

Feature #4242

open

Two Factor or OTP Authentication for Admin Interface

Added by Charlie Ross about 9 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
Authentication
Target version:
-
Start date:
01/19/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

Hi developers!

In a never-ending quest to beef up security, it would be great to have the ability of using two-factor authentication or one-time-passwords to access the admin interface (via web or ssh/console).

The Yubikey seems like a particularly popular system for accomplishing something like this. (http://www.yubikey.com)

Thank you for considering this,

Charlie

Actions #1

Updated by Chris Buechler about 9 years ago

Many if not most 2FA solutions support LDAP and/or RADIUS so are already supported. That said, enhancements here would be welcome.

Actions #2

Updated by Chris Buechler about 8 years ago

  • Category set to User Manager / Privileges
Actions #3

Updated by Dan Journo about 7 years ago

Ping. I'd love this as a built in feature! I'm using the local database and dont want to get into managing another system to gain access to two factor authentication.

Actions #4

Updated by Florent A over 6 years ago

This feature will be really helpful to meet the specifications from the PCI-DSS / ISO27001 or another security certs.

Actions #5

Updated by Jim Pingle over 4 years ago

  • Category changed from User Manager / Privileges to Authentication
Actions #6

Updated by Dan Journo over 4 years ago

Charlie Ross wrote:

Hi developers!

In a never-ending quest to beef up security, it would be great to have the ability of using two-factor authentication or one-time-passwords to access the admin interface (via web or ssh/console).

The Yubikey seems like a particularly popular system for accomplishing something like this. (http://www.yubikey.com)

Thank you for considering this,

Charlie

Totally agree. Even if it's possible with LDAP etc, it would be nice for it to come as a built-in feature to increase the uptake of 2FA for something as critical as a firewall.

Actions #7

Updated by Justin P almost 4 years ago

This is even more necessary with the recent vulnerabilities that were released.

Actions #8

Updated by Emanuel Persson over 3 years ago

I also really want to see this in the Future.

Actions #9

Updated by Eyvind Baadnes over 2 years ago

We would like to see this implemented. This year we have seen a big increase from companies requiring this feature. Any hope ?

Actions #10

Updated by Danilo Zrenjanin about 2 years ago

That can be accomplished using the FreeRadius package.

  1. Install the FreeRADIUS package and configure it for OTP with Google Authenticator, setup a NAS entry for localhost
  2. Add a new RADIUS auth server entry pointing to localhost
  3. Set pfSense to use RADIUS auth for the GUI

It's explained at the link below:
https://youtu.be/n2Z3rr4W2xw?t=3394

Actions

Also available in: Atom PDF