OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: Andreas on May 25, 2016, 04:59:27 pm

Title: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: Andreas on May 25, 2016, 04:59:27 pm
Hi,
would be nice if the OTP is in a extra input field and that the fallback settings could be change like that not just only its possible to choice what is the fallback, it should be possible to determine on which scenario it comes to a fallback.
actually otp works - but the fallback seems to be possible every time :(
Title: Re: FR OTP Authentication in extra field on login and fallback settings
Post by: franco on May 25, 2016, 05:07:11 pm
Hi there,

So the story is that after adding OTP we actually realised that there was an automatic fallback to local auth. We didn't know about it before and it's really obscure although it can save a few people from locking themselves out.

https://github.com/opnsense/changelog/blob/master/doc/16.1.15#L13

;)


Cheers,
Franco
Title: Re: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: Andreas on May 25, 2016, 05:25:31 pm
ok - so my request would be to make it configable under which condition the fallback will happen.

and the extra input field for the otp :D

thx
Title: Re: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: franco on May 25, 2016, 05:26:48 pm
How would that look like?
Title: Re: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: Andreas on May 25, 2016, 05:29:16 pm
just a second input
acutally you combine otp + password
i think this makes a lot of people confuse (normal user, not admins)

just a second input field named "otp" which just wil be shown if otp is activated

fallback could be btw a another password with a higher complexity... instead of just local auth

conditions:
perhaps you just can use the fallback via a special link (just functional for a certain time) emailed to your email adress from the firewall.
condition would be 5 times wrong user/pw combination...
Title: Re: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: franco on May 25, 2016, 05:32:06 pm
I don't understand... How does it differ from what we have in 16.1.15 now?

http://imgur.com/kuZvGif
Title: Re: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: Andreas on May 25, 2016, 05:34:47 pm
that the fallback is possible.. but not normally possible.
if you activate the fallback local otp is not really helping security
if you could activate local as fallback but you need a special links which opens a short timed session you can use your normal local as fallback but secured
Title: Re: [SOLVED] FR OTP Authentication in extra field on login and fallback settings
Post by: Andreas on May 25, 2016, 05:37:03 pm
btw - there do i get the voucher code for auth?