Password of the Day
-
Has anyone implemented a Password of the Day-like configuration with pfSense Captive Portal? There are some firewall solutions that offer POTD as an option, and would love to use a feature like that instead of username/password.
-
You could just update a RADIUS password and hard-code the username in the form.
-
Design your own 'portal login page' with some PHP code.
This code selects the day number of the month - and thus a hidden user-name-on-that-day. You do this only ones.Define each "user-name-on-that-day" in the pfSense's Local user manager. Each with a password for that unique user (for that day). Every month, fill up you 29/30/31 users with new passwords (POTD).
-
I change some of my passwords weekly, but this could just as easily be done every day if need be.
I keep a list of passwords in a text file, with one password on each line. I use a short script (rotatefile.sh) on the RADIUS server to pick up the password from the top of the file and put it at the bottom:
#!/bin/sh
Take first line of wordfile
pw=
head -n 1 /root/wordfile.txt
echo "$pw"Delete first line in wordfile
sed -i 1d /root/wordfile.txt
Append wordfile with word taken from top
echo $pw >> /root/wordfile.txt
I then call this script from within another script which picks up the password from the file and uses it to update the entry for that login on the RADIUS server. Whether you use a flat-file or a SQL backend, either way it works:
t4=
/root/rotatefile.shThe t4 environment parameter can then be used to perform a 'sed' change on your users file or be parsed into your SQL database. As Derelict has suggested, you can post the username on the form itself if you need to.
