I am trying to create a 2-factor authentication system for PPTP on pfSense,
and its feasibility depends upon being able to script the
addition/deletion/modification of PPTP user accounts. Can anyone tell me
what the command-line would be for adding user 'scott' identified by the
password 'tiger1234'? What would be the command for removing the user
'scott'?

The bigger picture would be that a road-warrior (instead of carrying an RSA,
SecurID or Yubikey) would simply call a special telephone number (hosted by
our Asterisk PBX) just prior to PPTP connection. The call would trigger our
Asterisk server to generate a single-use password suffix. The single-use
password suffix would be sent to the user's known phone number ("something
you have") via our SMS gateway, or via callback for voice delivery (to
eliminate CALLID spoof vulnerability). Asterisk would then look up, and
prepend the user's 'chosen' password to the single-use password ("something
you know"), and then connect to pfSense to insert the PPTP user account, and
schedule its subsequent removal.

I may also require the user to record something in their own voice to
validate "Something you are". While not a true third factor, this would
give a margin of security for detecting unauthorized access attempts.

Any CLI help would be appreciated!
Thanks!
-Karl
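
The issue-and-expire bookkeeping described in the message above, as an added example that is not part of the original post. `add_user` and `del_user` are hypothetical callbacks standing in for whatever mechanism creates and removes the pfSense PPTP account, and the suffix length and lifetime are assumed values.

```python
import secrets
import time

SUFFIX_DIGITS = 6    # assumed suffix length; the post does not specify one
TTL_SECONDS = 300    # assumed lifetime before the scheduled removal


class TempAccountIssuer:
    """Tracks short-lived PPTP accounts; add_user/del_user are hypothetical hooks."""

    def __init__(self, add_user, del_user, clock=time.time):
        self.add_user, self.del_user, self.clock = add_user, del_user, clock
        self.expiry = {}  # username -> removal deadline (epoch seconds)

    def issue(self, username, chosen_password):
        """Create the temporary account; return only the suffix to deliver by SMS/voice."""
        self.revoke(username)  # a new call replaces any account still live
        # Digits from the OS CSPRNG, zero-padded so the length is constant.
        suffix = f"{secrets.randbelow(10 ** SUFFIX_DIGITS):0{SUFFIX_DIGITS}d}"
        self.add_user(username, chosen_password + suffix)
        self.expiry[username] = self.clock() + TTL_SECONDS
        return suffix

    def revoke(self, username):
        """Remove the account if this issuer created it; no-op otherwise."""
        if self.expiry.pop(username, None) is not None:
            self.del_user(username)

    def purge_expired(self):
        """Run periodically; removes every account past its deadline."""
        now = self.clock()
        expired = [u for u, deadline in self.expiry.items() if deadline <= now]
        for user in expired:
            self.revoke(user)
        return expired


if __name__ == "__main__":
    accounts = {}  # constructed stand-in for the PPTP user table
    issuer = TempAccountIssuer(accounts.__setitem__, accounts.pop)
    suffix = issuer.issue("scott", "tiger1234")
    print("suffix to deliver:", suffix, "| live accounts:", list(accounts))
```

Calling `revoke` from a successful-login hook, where one is available, makes the suffix single-use rather than only time-limited.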