Security Basics mailing list archives
Re: How (best) to use web-from entry of an OTP/OPIE password to control a PF-firewall?
From: Sean Malloy <spinelli85 () gmail com>
Date: Tue, 20 Nov 2007 00:14:54 -0600
On Mon, Nov 19, 2007 at 05:50:20PM -0800, Albert T wrote:
> Sean
>
>> The first idea that came to my mind was authpf. Unfortunately it does not meet your above requirements because it requires shell access. I think you might want to consider using authpf instead. Here is a link to the authpf section in the OpenBSD PF FAQ.
>> http://www.openbsd.org/faq/pf/authpf.html
>> And a link to the authpf(8) man page for OpenBSD 4.2 release.
>> http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8&manpath=OpenBSD+4.2
>
> I didn't know about AuthPF. Interesting. But, as you point out, only shell access, right?

I have never actually set up authpf before but from the FAQ it looks like any user that authenticates has their shell set to /usr/sbin/authpf in /etc/passwd. So they don't get a traditional shell like ksh, csh, or bash. Any client machine would need SSH client software installed to connect.

> My remote users need to be able to access from "any Kinko's" (for example) where there's no guarantee of Shell access, but *always* a browser at hand.

If you want your clients to connect from "any Kinko's" you might look at portable apps.
http://portableapps.com/
I saw a cool demo of portable apps about a month ago. They have a portable version of PuTTY. Install portable PuTTY on a USB flash drive and then keep the flash drive on your key chain. You can plug the USB flash drive into any computer running Microsoft Windows and run PuTTY off the flash drive.

> AuthPF does look like it's worth learning about. Thanks.
> Albert

--
Sean Malloy
Home Page: www.catgrepsort.com