|
|
|
@ -44,19 +44,26 @@ for a specific user group. A user should be an individual, a group needs to be
|
|
|
|
|
specific in such a way that anyone of that group can be granted the same access
|
|
|
|
|
rights, called privileges.
|
|
|
|
|
|
|
|
|
|
Services
|
|
|
|
|
Authentication services
|
|
|
|
|
----------------------------------
|
|
|
|
|
|
|
|
|
|
The authentication service to use can be configured using the settings in **System->Access->Settings**.
|
|
|
|
|
Here you can also find timeout settings for the user sessions and for local user accounts you will have the option
|
|
|
|
|
to improve security using password policy constraints.
|
|
|
|
|
Authentication services can be configured using the settings in **System->Access->Servers**.
|
|
|
|
|
This includes both local accounts and remote authentication.
|
|
|
|
|
|
|
|
|
|
Below an overview of the settings, which are available:
|
|
|
|
|
By default, OPNsense GUI login will use local accounts. This can be changed, however,
|
|
|
|
|
by going to **System->Settings->Administration**, scrolling down to the "Authentication" group,
|
|
|
|
|
and changing the 'Server' option.
|
|
|
|
|
|
|
|
|
|
Local account configuration
|
|
|
|
|
---------------------------
|
|
|
|
|
|
|
|
|
|
Settings for handling login via local accounts can be set by going to **System->Access->Servers**,
|
|
|
|
|
then clicking the 'Edit' icon (a pencil) for 'Local Database'. Here, you can improve security of
|
|
|
|
|
local user accounts by setting password length and complexity constraints.
|
|
|
|
|
|
|
|
|
|
An overview of available settings:
|
|
|
|
|
|
|
|
|
|
===================================== ============================================================================================
|
|
|
|
|
**Session Timeout** Session timeout if other then our default.
|
|
|
|
|
**Authentication Server** Primary authentication method to use.
|
|
|
|
|
**Authentication Server (fallback)** Fallback option if primary service fails.
|
|
|
|
|
**Policy** Enable password policy constraints.
|
|
|
|
|
**Duration** [Policy] Password duration, optionally define how often the user should change his or her password.
|
|
|
|
|
**Length** [Policy] Minimum password length to require.
|
|
|
|
|