OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: strebor on November 05, 2016, 11:09:43 am

Title: PAM
Post by: strebor on November 05, 2016, 11:09:43 am
Hi opnsensonians.
Am I correct in thinking that from 17.1 I will be able to use Yubico's PAM module on OpenVPN?

Regards Strebor
Title: Re: PAM
Post by: franco on November 07, 2016, 07:36:57 am
Hi Strebor,

I don't think so. PAM authentication on the roadmap is supposed to do the following:

Provide a unified PAM plugin for the full OPNsense authentication framework so that you can e.g. use TOTP on SSH connections.

It potentially allows us to expand all PAM-capable services to use said framework, driven from the config.xml, fully restorable and also freely extensible in terms of future plugins.

Does that answer your question?


Cheers,
Franco
Title: Re: PAM
Post by: strebor on November 08, 2016, 10:49:52 am
Thanks Franco, I was hoping to use my Yubikey for authentication just with OpenVPN.
Strebor
Title: Re: PAM
Post by: franco on November 08, 2016, 11:28:03 am
YubiKey authentication would be interesting for our core authentication framework, not just OpenVPN. So far we've incorporated TOTP, but we're not against including other types. It's just that we can't align more authentication methods with the global roadmap and the work we still want to do in other parts of the system or the underlying system components.

You can open a feature request on GitHub, chances are that somebody will agree and work on it, although no guarantees can be given:

https://github.com/opnsense/core/issues


Thanks,
Franco