opnsense / core

OPNsense GUI, API and systems backend
https://opnsense.org/
BSD 2-Clause "Simplified" License

oathtool cannot be installed (oath-toolkit) #3345

Closed ssbarnea closed 5 years ago

ssbarnea commented 5 years ago

It seems that opnsense is missing an important tool related to OTP (2nd authentication).

The oathtool CLI is provided by oath-toolkit and allows generation of one-time passwords/tokens, being valuable in any authentication that may have to provide one-time passwords. The tool is packaged by FreeBSD.

fichtner commented 5 years ago

This should be pretty easy to install:

# opnsense-code tools ports
# cd /usr/ports/security/oath-toolkit
# make install

ssbarnea commented 5 years ago

@fichtner Thanks, I already automated the process of installing FreeBSD packages with Ansible https://github.com/ssbarnea/harem/blob/master/roles/router/tasks/main.yml#L6-L33 but I would have preferred to see it as a native/official OPNsense package.

PS. Compiling source code does not play very well with configuration management.

fichtner commented 5 years ago

The last update was: 2016-08-27: OATH Toolkit 2.6.2 Released

I don't think it meets our inclusion standards at this point as the software should be actively maintained. Even if it works now, it may break unexpectedly and we'll be forced to fix.

ssbarnea commented 5 years ago

AFAIK this is the only CLI tool that could be used to generate OTP passwords, but I may be wrong. If someone is forced to use OTP tokens to log in (for OpenVPN server or client), this may be needed.

I do not mind using anything else, as long as I can easily install it.

Anyway, the FreeBSD install path is ok for me. Thanks.

fichtner commented 5 years ago

@ssbarnea For now I have to decline, but if enough people want this we'll look into inclusion as a prebuilt package. We can always reevaluate later and this ticket is a good first step for others to find this. :)

Cheers, Franco

nightgryphon commented 9 months ago

Well... I'm another person looking for OTP support. I need this to use the OpenConnect client with CiscoVPN. I am also looking for TOTP support as a second factor in the OpenConnect plugin, as a user certificate as 2nd factor is not applicable in my case.