Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Permit Users to change their own password
« previous
next »
Print
Pages: [
1
]
Author
Topic: Permit Users to change their own password (Read 1945 times)
svenny
Newbie
Posts: 22
Karma: 2
Permit Users to change their own password
«
on:
May 24, 2021, 12:06:51 pm »
Hi all,
I want to offer my users the opportunity to change their password, so through "System: Access: Users: System Privileges" I gave them the "System: User Password Manager" permission. This is intended for VPN password changing every 90 days, so the users are able to change their password without admin intervention.
Is it safe to give out this kind of permission? (Access to the OPNsense GUI is allowed only via LAN.)
Many thanks in advance.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Permit Users to change their own password
«
Reply #1 on:
May 24, 2021, 07:15:24 pm »
Yes, but it is unclear to me how you want to enforce that password change rule with a local database.
The users are not forced to the GUI where they are forced to change their password, because they use the password to connect to the VPN first.
And if it is a remote database you can't change it from the web GUI.
Cheers,
Franco
Logged
svenny
Newbie
Posts: 22
Karma: 2
Re: Permit Users to change their own password
«
Reply #2 on:
May 24, 2021, 08:05:27 pm »
Many thanks for your reply. I would not enforce password changing to my users, I'll just suggest changing the password every 90 days via OPNsense GUI when they are connected to LAN (yes I'll use the local database of OPNsense). I've tested it now, it's even possible to change user's password when connected through the VPN, without loosing connection.
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Permit Users to change their own password
«
Reply #3 on:
May 24, 2021, 08:43:14 pm »
Right, that is no problem then.
You just got to be careful about the reneg-sec default of 3600 seconds that might disconnect you some time after password change since OpenVPN uses the old password to renegotiate.
It's a similar problem to using OTP with OpenVPN.
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Permit Users to change their own password