OpenVPN + Yubico PAM



  • Hello!

    Im a pretty new user of pfSense and i managed to throw a OpenVPN with FreeRadius authentication together. It works flawlessly with PKI.

    What i want to know is if its possible for someone to compile a PAM module which i need for this solution to be complete. I use a device called Yubikey which generates OTPs (One Time Passwords) and the company selling the Yubikey called Yubico also makes a PAM-module called Yubico PAM (http://code.google.com/p/yubico-pam/).

    I read about the developer installation of pfSense and as a novice on BSD and compiling i thought id ask nicely here before i need to pull my hair :P

    Hopefully other ppl will find this useful too.



  • Read the howto, how to set up OpenVPN with authentication against an LDAP server.
    The authentication there happens with a PAM module as well.
    So i suppose you could just take the PAM module of yubico and replace the one for LDAP.



  • The problem is that the module from yubico is not compiled, how is this done?



  • Download their code and compile it.
    They have a ReadMe describing the needed steps:
    http://code.google.com/p/yubico-pam/wiki/ReadMe



  • ok so i downloaded the development iso of pfSense, downloaded ykclient (yubico-c-client) as required by yubico pam

    while running ./configure it states it needs curl, found a freebsd package of this. Installed it and running curl it states it needs libssl. I cant find this anywhere, package management in freebsd seems screwed or something.

    Arent there ANYONE out there with a nice freebsd server up which can compile these things and put it up somewhere?


Log in to reply