Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Software tokens possible ???

    Scheduled Pinned Locked Moved Captive Portal
    5 Posts 4 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • V
      vronp
      last edited by

      Hi all,

      I understand the pfsense Captive Portal feature is similar to the Cisco "authentication proxy".

      Has anyone tried or does anyone know if it would be possible to authenticate with a commercial or open source software token (WiKiD or SecurID) instead of going through a browser login/password combination?

      thanks,
      Dave

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        You can sponsor it.

        1 Reply Last reply Reply Quote 0
        • V
          vronp
          last edited by

          @ermal:

          You can sponsor it.

          Ok, can someone give me a ballpark estimate as to the amount of work involved?

          1 Reply Last reply Reply Quote 0
          • X
            XIII
            last edited by

            go here and ask

            http://forum.pfsense.org/index.php/board,34.0.html

            -Chris Stutzman
            Sys0:2.0.1: AMD Sempron 140 @2.7 1024M RAM 100GHD
            Sys1:2.0.1: Intel P4 @2.66 1024M RAM 40GHD
            freedns.afraid.org - Free DNS dynamic DNS subdomain and domain hosting.
            Check out the pfSense Wiki

            1 Reply Last reply Reply Quote 0
            • V
              Vin101
              last edited by

              Are you sure there is a problem here?

              I'm not running pfSense, but the docs <http: tinyurl.com="" yc6yrvp="">say pfSense's Captive Portal feature supports RADIUS.  The RSA Authentication Manager, the authentication server needed to support RSA SecurIDs – hardware tokens or software token-emulation apps -- includes an 802.1x-compliant RADIUS server, built around the Juniper Steel Belted RADIUS. (The RSA RADIUS server supports both PAP and EAP authentication protocols, including POTP, TTLS, PEAP, and EAP15.) See: <http: www.rsa.com="" node.aspx?id="1166">and <http: www.rsa.com="" node.aspx?id="1167">.

              Looks like a match! All the pieces are in place, so if it doesn't work, it can't be a major challenge to make it work.  (I'm a consultant to RSA so I know the SecurID world best. but I'm certain both the free and commercial versions of WikiD <http: www.wikidsystems.com="">are also fully RADIUS-compatible. I would be surprised if any commercial two-factor authentication system does not today support RADIUS.)

              Suerte,
                        _Vin

              @vronp:

              Hi all,

              I understand the pfsense Captive Portal feature is similar to the Cisco "authentication proxy".

              Has anyone tried or does anyone know if it would be possible to authenticate with a commercial or open source software token (WiKiD or SecurID) instead of going through a browser login/password combination?

              thanks,
              Dave</http:></http:></http:></http:>

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.