diff options
author | jim-p <jimp@pfsense.org> | 2013-02-13 15:54:27 -0500 |
---|---|---|
committer | jim-p <jimp@pfsense.org> | 2013-02-13 15:55:55 -0500 |
commit | bddd2be844d8f485ef41145c6384b7cacb74a944 (patch) | |
tree | dce329c6884c29aa7d7a7826826e1cd9fcb76032 /usr | |
parent | bcb165e66b703bbfa273b7d6317ad952ac07b7e1 (diff) | |
download | pfsense-bddd2be844d8f485ef41145c6384b7cacb74a944.zip pfsense-bddd2be844d8f485ef41145c6384b7cacb74a944.tar.gz |
Add a knob in the GUI to set the RADIUS authentication timeout. Previous default was 3s, new is 5s. When using two-factor auth via external (e.g. phone), this needs to be set much higher, 60-120.
Diffstat (limited to 'usr')
-rw-r--r-- | usr/local/www/system_authservers.php | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/usr/local/www/system_authservers.php b/usr/local/www/system_authservers.php index 2649d5b..39ac184 100644 --- a/usr/local/www/system_authservers.php +++ b/usr/local/www/system_authservers.php @@ -117,6 +117,7 @@ if ($act == "edit") { $pconfig['radius_auth_port'] = $a_server[$id]['radius_auth_port']; $pconfig['radius_acct_port'] = $a_server[$id]['radius_acct_port']; $pconfig['radius_secret'] = $a_server[$id]['radius_secret']; + $pconfig['radius_timeout'] = $a_server[$id]['radius_timeout']; if ($pconfig['radius_auth_port'] && $pconfig['radius_acct_port'] ) { @@ -212,6 +213,9 @@ if ($_POST) { if (auth_get_authserver($pconfig['name']) && !isset($id)) $input_errors[] = gettext("An authentication server with the same name already exists."); + if (isset($_POST['radius_timeout']) && (!is_numeric($_POST['radius_timeout']) || (is_numeric($_POST['radius_timeout']) && ($_POST['radius_timeout'] <= 0)))) + $input_errors[] = gettext("RADIUS Timeout value must be numeric and positive."); + /* if this is an AJAX caller then handle via JSON */ if (isAjax() && is_array($input_errors)) { input_errors2Ajax($input_errors); @@ -260,6 +264,9 @@ if ($_POST) { if ($pconfig['radius_secret']) $server['radius_secret'] = $pconfig['radius_secret']; + if ($pconfig['radius_timeout']) + $server['radius_timeout'] = $pconfig['radius_timeout']; + if ($pconfig['radius_srvcs'] == "both") { $server['radius_auth_port'] = $pconfig['radius_auth_port']; $server['radius_acct_port'] = $pconfig['radius_acct_port']; @@ -720,6 +727,15 @@ function select_clicked() { <input name="radius_acct_port" type="text" class="formfld unknown" id="radius_acct_port" size="5" value="<?=htmlspecialchars($pconfig['radius_acct_port']);?>"/> </td> </tr> + <tr> + <td width="22%" valign="top" class="vncellreq"><?=gettext("Authentication Timeout");?></td> + <td width="78%" class="vtable"> + <input name="radius_timeout" type="text" class="formfld unknown" id="radius_timeout" size="20" value="<?=htmlspecialchars($pconfig['radius_timeout']);?>"/> + <br /><?= gettext("This value controls how long, in seconds, that the RADIUS server may take to respond to an authentication request.") ?> + <br /><?= gettext("If left blank, the default value is 5 seconds.") ?> + <br /><br /><?= gettext("NOTE: If you are using an interactive two-factor authentication system, increase this timeout to account for how long it will take the user to receive and enter a token.") ?> + </td> + </tr> </table> <table width="100%" border="0" cellpadding="6" cellspacing="0"> |