FreeRadius or something else, for MFA without a PIN code?
I have set up a pfSense firewall with OpenVPN and FreeRadius, and it's all working great. But I do have a problem with the fact that the FreeRadius users require a PIN code to enable MFA (mOTP or Google-Authenticator).
I use Google Authenticator and Microsoft Authenticator for services like Google, ZoHo, GitHub, Microsoft O365, GoDaddy, DigitalOcean and more, and none of them require a PIN from me. FreeRadius PIN management is a problem as users forget them, can't change them, and as an admin I should not know a user's PIN.
Given that most phones have some form of access control like FaceID, fingerprint reader or lockscreen PIN, it seems like requiring another PIN is just an annoyance, especially since it's not needed by the services I listed above.
I see someone requested this same feature in 2020, but it's just 'Open':
https://redmine.pfsense.org/issues/10377
So, is there any pfSense plugin, FreeRadius plugin/setting, or 3rd party cloud provider that would allow me to simply generate TOTP for a user in my setup without requiring them to use a PIN?