Feature #4242
open
Two Factor or OTP Authentication for Admin Interface
0%
Description
Hi developers!
In a never-ending quest to beef up security, it would be great to have the ability of using two-factor authentication or one-time-passwords to access the admin interface (via web or ssh/console).
The Yubikey seems like a particularly popular system for accomplishing something like this. (http://www.yubikey.com)
Thank you for considering this,
Charlie
Updated by Chris Buechler almost 10 years ago
Many if not most 2FA solutions support LDAP and/or RADIUS so are already supported. That said, enhancements here would be welcome.
Updated by Chris Buechler almost 9 years ago
- Category set to User Manager / Privileges
Updated by Dan Journo almost 8 years ago
Ping. I'd love this as a built-in feature! I'm using the local database and don't want to get into managing another system to gain access to two factor authentication.
Updated by Florent A about 7 years ago
This feature will be really helpful to meet the specifications from the PCI-DSS / ISO27001 or other security certs.
Updated by Jim Pingle over 5 years ago
- Category changed from User Manager / Privileges to Authentication
Updated by Dan Journo over 5 years ago
Charlie Ross wrote:
Hi developers!
In a never-ending quest to beef up security, it would be great to have the ability of using two-factor authentication or one-time-passwords to access the admin interface (via web or ssh/console).
The Yubikey seems like a particularly popular system for accomplishing something like this. (http://www.yubikey.com)
Thank you for considering this,
Charlie
Totally agree. Even if it's possible with LDAP etc, it would be nice for it to come as a built-in feature to increase the uptake of 2FA for something as critical as a firewall.
Updated by Justin P almost 5 years ago
This is even more necessary with the recent vulnerabilities that were released.
Updated by Emanuel Persson about 4 years ago
I also really want to see this in the future.
Updated by Eyvind Baadnes about 3 years ago
We would like to see this implemented. This year we have seen a big increase from companies requiring this feature. Any hope?
Updated by Danilo Zrenjanin almost 3 years ago
That can be accomplished using the FreeRADIUS package.
- Install the FreeRADIUS package and configure it for OTP with Google Authenticator, set up a NAS entry for localhost
- Add a new RADIUS auth server entry pointing to localhost
- Set pfSense to use RADIUS auth for the GUI
It's explained at the link below:
https://youtu.be/n2Z3rr4W2xw?t=3394
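What the OTP check in a setup like the one above has to do, as an added example that is not part of the original comment and is not pfSense or FreeRADIUS code: verifying a Google Authenticator-style code (RFC 6238 TOTP, HMAC-SHA1, 30-second step, 6 digits) with a clock-drift window and replay rejection. The function names, the window size and the sample secret (the published RFC 6238 test key) are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # code length (Google Authenticator default)


def totp(secret_b32, at, digits=DIGITS, step=STEP):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret at Unix time `at`."""
    # Authenticator apps show the secret in base32, often spaced and unpadded.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, at=None, window=1, last_used_step=None):
    """Return the matched time step, or None if the code is rejected.

    window: time steps of clock drift tolerated on each side of "now".
    last_used_step: highest step already accepted for this user; a code at
    or below it is refused so a captured code cannot be replayed.
    """
    at = time.time() if at is None else at
    current = int(at) // STEP
    supplied = str(code).encode()
    matched = None
    for step_no in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, step_no * STEP).encode()
        # Constant-time comparison, and no early exit from the loop.
        if hmac.compare_digest(expected, supplied) and matched is None:
            matched = step_no
    if matched is None:
        return None
    if last_used_step is not None and matched <= last_used_step:
        return None
    return matched


# Constructed sample: the RFC 6238 SHA-1 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()
```

The caller has to persist the returned step per user and pass it back as `last_used_step` on the next login, otherwise a code stays replayable for the whole drift window.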