Change (t)otp response time from 30 seconds to 1 minute
-
I am quite new to pfSense, but I really love pfSense more and more. Also the state of the art (t)otp in FreeRadius, which makes pfSense as a whole enormously efficient and mature.
Though totp is working fine, I am wondering how (and where) I can change the totp response time in FreeRadius from 30 seconds to 1 minute?
Anybody?
-
There is a setting for OTP lifetime in Freeradius it's 20s default.
The resulting lifetime (in seconds) is the value entered here multiplied by 10 (i.e., 1 ~ 10s, 2 ~ 20s, 3 ~30s). Values higher than 12 are not allowed for security reasons. (Default: 2)
So set that to 6 for 1min.
Steve
-
@stephenw10 Helo Steve, Thank you very much for your help.
I could not get it working with the Aegis Authenthicator because it looks like Aegis has a bug and it only is working with the FreeRadius default TOTP settings.
So that is why I could not understand why I could not change the settingsHowever, after I installed Google Authenthicator I could extend the OPT Lifetime to 60 seconds and also change the Hash Algorithm to SHA256. Google Authenthicator automatically accepts those (non-default) settings