OpenVPN + Yubico PAM
-
Hello!
Im a pretty new user of pfSense and i managed to throw a OpenVPN with FreeRadius authentication together. It works flawlessly with PKI.
What i want to know is if its possible for someone to compile a PAM module which i need for this solution to be complete. I use a device called Yubikey which generates OTPs (One Time Passwords) and the company selling the Yubikey called Yubico also makes a PAM-module called Yubico PAM (http://code.google.com/p/yubico-pam/).
I read about the developer installation of pfSense and as a novice on BSD and compiling i thought id ask nicely here before i need to pull my hair :P
Hopefully other ppl will find this useful too.
-
Read the howto, how to set up OpenVPN with authentication against an LDAP server.
The authentication there happens with a PAM module as well.
So i suppose you could just take the PAM module of yubico and replace the one for LDAP. -
The problem is that the module from yubico is not compiled, how is this done?
-
Download their code and compile it.
They have a ReadMe describing the needed steps:
http://code.google.com/p/yubico-pam/wiki/ReadMe -
ok so i downloaded the development iso of pfSense, downloaded ykclient (yubico-c-client) as required by yubico pam
while running ./configure it states it needs curl, found a freebsd package of this. Installed it and running curl it states it needs libssl. I cant find this anywhere, package management in freebsd seems screwed or something.
Arent there ANYONE out there with a nice freebsd server up which can compile these things and put it up somewhere?