Netgate SG-1000 microFirewall

Author Topic: Auto login with link  (Read 1837 times)

0 Members and 1 Guest are viewing this topic.

Offline marcvb

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +0/-1
    • View Profile
Auto login with link
« on: January 16, 2018, 08:12:28 am »
Hello,

Al of our pfsense we manage with a single dashboard but we want to create a link for each firewall containing the username and password.
Is there a way to pass the username and password to the firewall within the url to auto login without having to type the password ?

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 494
  • Karma: +45/-0
    • View Profile
Re: Auto login with link
« Reply #1 on: January 17, 2018, 04:32:45 am »
Buy something like 1Password to auto fill usernames & passwords.

Can't see it happening any other way as it's insecure having usernames & passwords in clear text.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15119
  • Karma: +1410/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Auto login with link
« Reply #2 on: January 17, 2018, 04:46:22 am »
I use lastpass.. it has a team sharing feature for passwords, etc.  So if you have multiple users..
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline marcvb

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +0/-1
    • View Profile
Re: Auto login with link
« Reply #3 on: January 17, 2018, 09:04:18 am »
Thank you for the reply's,

We use a password management software for this without a browser plugin.
The best thing will be that the administators do not know the admin/root password.
Is it maybe possible to create a user over ssh for the webgui?

Then i can create a script to create and deactivate users.
So when a employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privleged system managers.
We have over 80+ firewalls, thats why we are putting so much effort in central management.
These firewalls are on diffrent locations, with diffrent internet providers.

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 494
  • Karma: +45/-0
    • View Profile
Re: Auto login with link
« Reply #4 on: January 17, 2018, 09:37:18 am »
So when a employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privleged system managers.
We have over 80+ firewalls, thats why we are putting so much effort in central management.
These firewalls are on diffrent locations, with diffrent internet providers.

FreeRadius will do this, get it to use FreeRadius first for the auth then fall back to local usernames & passwords.

Never done it myself with my pfSense access but my local Linksys switches are using the radius server on my router.

This is how I'd do it if I had to.

You'd just need to add the routers to the client list and the users to the user list on the central server.

You can even set auto expire dates for the users.

Don't lock your self out like I did wiith a test VM :)

No page assigned to user, so it is using radius
« Last Edit: January 17, 2018, 10:53:10 am by NogBadTheBad »

Offline marcvb

  • Jr. Member
  • **
  • Posts: 36
  • Karma: +0/-1
    • View Profile
Re: Auto login with link
« Reply #5 on: January 17, 2018, 01:35:34 pm »
So when a employee leaves the company we can remove his account on all the firewalls.
The admin/root password will only be known to the owner or high privleged system managers.
We have over 80+ firewalls, thats why we are putting so much effort in central management.
These firewalls are on diffrent locations, with diffrent internet providers.

FreeRadius will do this, get it to use FreeRadius first for the auth then fall back to local usernames & passwords.

Never done it myself with my pfSense access but my local Linksys switches are using the radius server on my router.

This is how I'd do it if I had to.

You'd just need to add the routers to the client list and the users to the user list on the central server.

You can even set auto expire dates for the users.

Don't lock your self out like I did wiith a test VM :)

No page assigned to user, so it is using radius

Thanks that is a good solution, setting up a radius server right now.

Offline NogBadTheBad

  • Sr. Member
  • ****
  • Posts: 494
  • Karma: +45/-0
    • View Profile
Re: Auto login with link
« Reply #6 on: January 17, 2018, 04:02:33 pm »
Add the following in Additional RADIUS Attributes (REPLY-ITEM) Class := admins