diff options
| author | Alexander Wilke <nachtfalkeaw@web.de> | 2012-02-14 22:24:36 +0100 |
|---|---|---|
| committer | Alexander Wilke <nachtfalkeaw@web.de> | 2012-02-14 22:24:36 +0100 |
| commit | 1eedb7b88b530e602866051c952bc2ccbd46a2b3 (patch) | |
| tree | 288011a9904f4bda7c8d1a011525a4e9d8172754 /config/freeradius2/freeradiussettings.xml | |
| parent | 9b35793debafe320e0934798cd01b8a45963abf7 (diff) | |
| download | pfsense-packages-1eedb7b88b530e602866051c952bc2ccbd46a2b3.tar.gz pfsense-packages-1eedb7b88b530e602866051c952bc2ccbd46a2b3.tar.bz2 pfsense-packages-1eedb7b88b530e602866051c952bc2ccbd46a2b3.zip | |
OTP additions
Diffstat (limited to 'config/freeradius2/freeradiussettings.xml')
| -rw-r--r-- | config/freeradius2/freeradiussettings.xml | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 4404b4bb..afa890d4 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -318,7 +318,7 @@ <fieldname>varsettingsmotpenable</fieldname> <description><![CDATA[This enables the possibility to authenticate against an username and an one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. If you enable this the first time we need to download and install package "bash-4.1.7" so the process will need some time. (Default: unchecked)]]></description> <type>checkbox</type> - <enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts</enablefields> + <enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts,varsettingsmotpchecksumtype,varsettingsmotptokenlength</enablefields> </field> <field> <fielddescr>OTP Lifetime</fielddescr> @@ -335,6 +335,25 @@ <default_value>5</default_value> </field> <field> + <fielddescr>Hash algorithm</fielddescr> + <fieldname>varsettingsmotpchecksumtype</fieldname> + <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: md5)]]></description> + <type>select</type> + <default_value>md5</default_value> + <options> + <option><name>MD5</name><value>md5</value></option> + <option><name>SHA1</name><value>sha1</value></option> + <option><name>SHA256</name><value>sha256</value></option> + </options> + </field> + <field> + <fielddescr>Token Password length</fielddescr> + <fieldname>varsettingsmotptokenlength</fieldname> + <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: 1-6)]]></description> + <type>input</type> + <default_value>1-6</default_value> + </field> + <field> <name>MISCELLANEOUS CONFIGURATION</name> <type>listtopic</type> </field> |