Software tokens possible ???



  • Hi all,

    I understand the pfsense Captive Portal feature is similar to the Cisco "authentication proxy".

    Has anyone tried or does anyone know if it would be possible to authenticate with a commercial or open source software token (WiKiD or SecurID) instead of going through a browser login/password combination?

    thanks,
    Dave



  • You can sponsor it.



  • @ermal:

    You can sponsor it.

    Ok, can someone give me a ballpark estimate as to the amount of work involved?





  • Are you sure there is a problem here?

    I'm not running pfSense, but the docs <http: tinyurl.com="" yc6yrvp="">say pfSense's Captive Portal feature supports RADIUS.  The RSA Authentication Manager, the authentication server needed to support RSA SecurIDs – hardware tokens or software token-emulation apps -- includes an 802.1x-compliant RADIUS server, built around the Juniper Steel Belted RADIUS. (The RSA RADIUS server supports both PAP and EAP authentication protocols, including POTP, TTLS, PEAP, and EAP15.) See: <http: www.rsa.com="" node.aspx?id="1166">and <http: www.rsa.com="" node.aspx?id="1167">.

    Looks like a match! All the pieces are in place, so if it doesn't work, it can't be a major challenge to make it work.  (I'm a consultant to RSA so I know the SecurID world best. but I'm certain both the free and commercial versions of WikiD <http: www.wikidsystems.com="">are also fully RADIUS-compatible. I would be surprised if any commercial two-factor authentication system does not today support RADIUS.)

    Suerte,
              _Vin

    @vronp:

    Hi all,

    I understand the pfsense Captive Portal feature is similar to the Cisco "authentication proxy".

    Has anyone tried or does anyone know if it would be possible to authenticate with a commercial or open source software token (WiKiD or SecurID) instead of going through a browser login/password combination?

    thanks,
    Dave</http:></http:></http:></http:>


Log in to reply