Can't Change Admin name?



  • Is there a way to change the Username generated by system, that is currently Admin?

    That is a major security concern. Brute forcing a password, granted, is not easy, but it's a lot easier when you know for a fact you have the correct user account lol.



  • The security could be enforced using a simple solution: not exposing your LAN network to any devices - remove the network cable and you're done.
    For non trusted clients, use interfaces OPT1, etc, and add some useful firewall rules.
    Firewall rules on LAN could be used to accept only connections from a known IP.

    It is possible to disable the "admin"'s GUI login possibility. I guess (didn't test) that SSH login will also be refused then.
    Create another user with admin rights - or at least, one that can enable "admin"'s right to login again.

    Btw: my admin's login by SSH is handled (of course) with an SSH public/private key.



  • Ahh yes if only it was that simple :P.

    The problem is it isn't, as I have to have users be able to change their passwords for the Captive portal, and right now they have to do that through the GUI, which is a flawed workaround for a password change option that should be stock and isn't IMO, but that is irrelevant. (Stock in the stock captive portal screen, not that I am using the stock screen lol. It is stock in OPNsense and pretty much every other firewall OS, so maybe I will snatch the code from them lol.)

    So until I can crack that egg, (or I should say someone helps me or I find example code for it as I am horrid with PHP) I'm stuck. As my business relies on the "Hotel Wifi".


  • Netgate

    You might consider a different authentication source instead of the firewall local users.

    Users probably shouldn't be enabled to make changes to a firewall's configuration.

    It sounds like you have much greater design problems than admin being called admin.



  • @Derelict:

    You might consider a different authentication source instead of the firewall local users.

    Users probably shouldn't be enabled to make changes to a firewall's configuration.

    It sounds like you have much greater design problems than admin being called admin.

    ?

    They can only change their user account's password, wouldn't really call that changes to a firewall.

    Especially seeing how that is what Jimp is highly recommending be done lol. In not only my other thread with similar questions, but a ton of others on the forums.

    A different Auth source is all fine and good, except now that is more hardware, to do something I can already do with the Local. Sure, if I had 1000s of usernames needed, I would do that; for the 35 rooms, not even close to worth it lol. So what other options are there? To run the different auth server on the same box? Well, now I have to virtualize the pfSense and Auth server, which is even more of a security issue.

    Even then, adding a MySQL server and using RADIUS just adds more security vulnerabilities. More OSes means more issues.

    I have concerns about them accessing the GUI as well, that was brought up in the other thread. Jimp is assuring me it's fine; no matter where I go with what, there is going to be an issue, it's just deciding on the lesser of the evils.