security-basics November 2007 archive
Main Archive Page > Month Archives  > security-basics archives
security-basics: Re: How (best) to use web-from entry of an OTP/

Re: How (best) to use web-from entry of an OTP/OPIE password to control a PF-firewall?

From: Brian Mayeur <brian.mayeur_at_nospam>
Date: Tue Nov 20 2007 - 18:05:55 GMT
To: security-basics@securityfocus.com


why not implementing openSSL?

On Nov 20, 2007 12:14 AM, Sean Malloy <spinelli85@gmail.com> wrote:
> On Mon, Nov 19, 2007 at 05:50:20PM -0800, Albert T wrote:
> > Sean
> >
> > > The first idea that came to my mind was authpf. Unfortunately it does not
> > > meet your above requirements because it requires shell access. I think
> > > you might want to consider using authpf instead. Here is a link to the
> > > authpf section in the OpenBSD PF FAQ.
> > >
> > > http://www.openbsd.org/faq/pf/authpf.html
> > >
> > > And a link to the authpf(8) man page for OpenBSD 4.2 release.
> > >
> > > http://www.openbsd.org/cgi-bin/man.cgi?query=authpf&sektion=8&manpath=OpenBSD+4.2
> >
> > I didn't know about AuthPF. Interesting.
> >
> > But, as you point out, only shell access, right?
>
>
> I have never actually set up authpf before but from the FAQ it looks
> like any user that authenticates has their shell set to
> /usr/sbin/authpf in /etc/passwd. So they don't get a traditional shell like ksh, csh,
> or bash. Any client machine would need SSH client software installed to connect.
>
>
> >
> > My remote users need to be able to access from "any Kinko's" (for
> > example) where there's no guarantee of Shell access, but *always* a
> > browser at hand.
>
>
> If you want your clients to connect from "any Kinko's" you might look at
> portable apps.
>
> http://portableapps.com/
>
> I saw a cool demo of portable apps about a month ago. They have a
> portable version of PuTTY. Install portable PuTTY on a USB flash
> drive and then keep the flash drive on your key chain. You can plug the USB flash
> drive into any computer running Microsoft Windows and run PuTTY off the flash drive.
>
>
>
> >
> > AuthPF does look like it's worth learning about.
> >
> > Thanks.
> >
> > Albert
>
> --
> Sean Malloy
> Home Page: www.catgrepsort.com
>