Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Change (t)otp response time from 30 seconds to 1 minute

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 2 Posters 502 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      maartenv
      last edited by maartenv

      I am quite new to pfSense, but I really love pfSense more and more. Also the state of the art (t)otp in FreeRadius, which makes pfSense as a whole enormously efficient and mature.

      Though totp is working fine, I am wondering how (and where) I can change the totp response time in FreeRadius from 30 seconds to 1 minute?

      Anybody?

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        There is a setting for OTP lifetime in Freeradius it's 20s default.

        The resulting lifetime (in seconds) is the value entered here multiplied by 10 (i.e., 1 ~ 10s, 2 ~ 20s, 3 ~30s).
        Values higher than 12 are not allowed for security reasons. (Default: 2)
        

        So set that to 6 for 1min.

        Steve

        M 1 Reply Last reply Reply Quote 0
        • M Offline
          maartenv @stephenw10
          last edited by maartenv

          @stephenw10 Helo Steve, Thank you very much for your help. 👍

          I could not get it working with the Aegis Authenthicator because it looks like Aegis has a bug and it only is working with the FreeRadius default TOTP settings.
          So that is why I could not understand why I could not change the settings

          However, after I installed Google Authenthicator I could extend the OPT Lifetime to 60 seconds and also change the Hash Algorithm to SHA256. Google Authenthicator automatically accepts those (non-default) settings

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.