PAM

Started by strebor, November 05, 2016, 11:09:43 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
PAM
November 05, 2016, 11:09:43 AM
Hi opnsensonians.
Am I correct in thinking that from 17.1 I will be able to use Yubico's PAM module on OpenVpn?

Regards Strebor
November 07, 2016, 07:36:57 AM #1
Hi Strebor,

I don't think so. PAM authentication on the roadmap is supposed to do the following:

Provide a unified PAM plugin for the full OPNsense authentication framework so that you can e.g. use TOTP on SSH connections.

It potentially allows us to expand all PAM-capable services to use said framework, driven from the config.xml, fully restorable and also freely extensible in terms of future plugins.

Does that answer your question?


Cheers,
Franco
November 08, 2016, 10:49:52 AM #2
Thanks Franco, I was hoping to use my Yubikey for authentication just with OpenVPN.
Strebor
November 08, 2016, 11:28:03 AM #3
YubiKey authentication would be intersting for our core authentication framework, not just OpenVPN. So far we've incorporated TOTP, but we're not against including other types. It's just that we can't align more authentication methods with the global roadmap and the work we still want to do in other parts of the system or the underlying system components.

You can open a feature request on GitHub, chances are that somebody will agree and work on it, although no guarantees can be given:

https://github.com/opnsense/core/issues


Thanks,
Franco
Print
Go Up Pages1
User actions