aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Wilke <nachtfalkeaw@web.de>2012-02-14 22:24:36 +0100
committerAlexander Wilke <nachtfalkeaw@web.de>2012-02-14 22:24:36 +0100
commit1eedb7b88b530e602866051c952bc2ccbd46a2b3 (patch)
tree288011a9904f4bda7c8d1a011525a4e9d8172754
parent9b35793debafe320e0934798cd01b8a45963abf7 (diff)
downloadpfsense-packages-1eedb7b88b530e602866051c952bc2ccbd46a2b3.tar.gz
pfsense-packages-1eedb7b88b530e602866051c952bc2ccbd46a2b3.tar.bz2
pfsense-packages-1eedb7b88b530e602866051c952bc2ccbd46a2b3.zip
OTP additions
-rw-r--r--config/freeradius2/freeradiussettings.xml21
1 files changed, 20 insertions, 1 deletions
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 4404b4bb..afa890d4 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -318,7 +318,7 @@
<fieldname>varsettingsmotpenable</fieldname>
<description><![CDATA[This enables the possibility to authenticate against an username and an one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. If you enable this the first time we need to download and install package "bash-4.1.7" so the process will need some time. (Default: unchecked)]]></description>
<type>checkbox</type>
- <enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts</enablefields>
+ <enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts,varsettingsmotpchecksumtype,varsettingsmotptokenlength</enablefields>
</field>
<field>
<fielddescr>OTP Lifetime</fielddescr>
@@ -335,6 +335,25 @@
<default_value>5</default_value>
</field>
<field>
+ <fielddescr>Hash algorithm</fielddescr>
+ <fieldname>varsettingsmotpchecksumtype</fieldname>
+ <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: md5)]]></description>
+ <type>select</type>
+ <default_value>md5</default_value>
+ <options>
+ <option><name>MD5</name><value>md5</value></option>
+ <option><name>SHA1</name><value>sha1</value></option>
+ <option><name>SHA256</name><value>sha256</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Token Password length</fielddescr>
+ <fieldname>varsettingsmotptokenlength</fieldname>
+ <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: 1-6)]]></description>
+ <type>input</type>
+ <default_value>1-6</default_value>
+ </field>
+ <field>
<name>MISCELLANEOUS CONFIGURATION</name>
<type>listtopic</type>
</field>