User Passwords
-
Is it possible to force (or allow) a user change their own password for their Openvpn Road warrior connection?
-
Where are the passwords stored?
-
Local database on the OpenVPN Server
-
Then no. Sorry.
-
If those users are defined in the pfSense GUI, with a username and password there, you could grant them the WebCfg - System: User Password Manager privilege and make sure the rules allow them access to the GUI port. Then when they login to the firewall they will only be able to reach a page to change their own password.
The easiest way to do that is via group. Make a new group called
OpenVPNor similar and add your OpenVPN users to it, and grant that privilege to users in that group. As long as they don't have any other privileges, then all they can do is login to OpenVPN and change their password. -
Very nice jimp.
Simple to implement, and simple for the user to execute.
Works for me, many thanks. -
If I may suggest:
An ability to mandate a periodical password change? -
...mostly results in Users setting weak passwords. ;-)
-Rico
-
We then get into the issue of minimum password complexities regardless of who creates them
-
Feature Requests need to be placed on https://redmine.pfsense.org. Good Luck.
-
NIST removed the "periodic change" suggestion over a year ago, same for password complexity requirement suggestions. Password length is the only key factor now.
Remember: Upvote with the ๐ button for any user/post you find to be helpful, informative, or deserving of recognition!
Need help fast? Netgate Global Support!
Do not Chat/PM for help!
-
@jimp said in User Passwords:
Password length is the only key factor now.
Is there a minimum enforced for a pfSense user?
I think NIST suggests a minimum of 8. -
pfSense does not impose any requirements on passwords at the moment. You will get a warning if the password is left as
pfsensebut that's it.
