Karl Fife wrote:
I am trying to create a 2-factor authentication system for PPTP on
pfSense, and its feasibility depends upon being able to script the
addition/deletion/modification of PPTP user accounts. Can anyone tell
me what the command-line would be for adding user 'scott' identified
by the password 'tiger1234'? What would be the command for removing
the user 'scott'?
The bigger picture would be that a road-warrior (Instead of carrying
an RSA, SecurID or Yubikey) would simply call a special telephone
number (Hosted by our Asterisk PBX) just prior to PPTP connection. The
call would trigger our Asterisk server to generate a single-use
password suffix. The single-use password suffix would be sent to the
user's known phone number ("something you have") via our SMS gateway,
or via callback for voice delivery (to eliminate CALLID spoof
vulnerability). Asterisk would then look up, and prepend the user's
'chosen' password to the single-use password ("something you know"),
and then connect to pfSense to insert the PPTP user account, and
schedule its subsequent removal.
I may also require to have the user record something in their own
voice to validate "Something you are". While not a true third factor,
this would give a margin of security for detecting unauthorized
access attempts.
Any CLI help would be appreciated!
Thanks!
-Karl
What's the budget?
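
The provisioning flow described in the quoted message (generate a single-use suffix, append it to the user's chosen password, insert the account, schedule its removal), as an added example that is not part of the original thread. The `add_user`/`del_user` hooks are hypothetical stand-ins for whatever actually edits the PPTP user list (the thread gives no pfSense command), and the 8-digit suffix and 300-second lifetime are assumptions.

```python
import secrets
import time

SUFFIX_DIGITS = 8    # assumption: numeric, so it can be sent by SMS or read out by voice
TTL_SECONDS = 300    # assumption: how long the temporary account may exist


class OneTimeAccounts:
    """Tracks temporary VPN accounts and removes them when they expire.

    add_user(username, password) and del_user(username) are hypothetical
    hooks; they stand in for the real account insertion/removal mechanism.
    """

    def __init__(self, add_user, del_user, clock=time.time):
        self.add_user = add_user
        self.del_user = del_user
        self.clock = clock
        self.expiry = {}  # username -> absolute expiry time

    def issue(self, username, chosen_password):
        """Create the account; return only the suffix for out-of-band delivery."""
        self.revoke(username)  # never leave two live credentials for one user
        # secrets uses the OS CSPRNG; random.randint() would be predictable.
        suffix = "".join(secrets.choice("0123456789") for _ in range(SUFFIX_DIGITS))
        self.add_user(username, chosen_password + suffix)
        self.expiry[username] = self.clock() + TTL_SECONDS
        return suffix

    def revoke(self, username):
        """Remove the account if one is outstanding (call this after first login too)."""
        if self.expiry.pop(username, None) is not None:
            self.del_user(username)

    def sweep(self):
        """Remove every expired account; run periodically. Returns removed names."""
        now = self.clock()
        expired = [u for u, t in self.expiry.items() if t <= now]
        for username in expired:
            self.revoke(username)
        return expired
```

Because the removal is driven by `sweep()` rather than a one-shot timer, an account still gets deleted if the provisioning process restarts, provided `expiry` is persisted.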