FreedomTunnel is a FLOSS ("free/libre open source software") Single Sign On ("SSO") One-Time-Password System.

See also DeploymentNotes.


The idea is that one can log in to a Windows/Mac/Linux system, enter a one-time password (PIN + 6-digit code), and be authenticated to everything one can use that requires a password, without further authentication prompts.

The core will probably be FreeIPA, which looks pretty compelling and will take care of a lot of the involved pieces (NTP/LDAP/Kerberos) in one shot. See this guide.

Add in RADIUS and CoSign for web SSO, and you've got everything for single sign-on / single password. Now we just need to add OTP.

Desired Features

  • Fully open source (all client and server pieces)
  • Runs in a highly available master/(multi)slave fashion in multiple data centers.
  • Must be seamless (login process is just username + password. Everything else is handled behind the scenes)
  • OTP generation client must support Android/Blackberry/Apple devices

User experience in different contexts:

  • Log in to a local workstation: this is a standard username/password combination. No network connectivity is required for this to function. However, if the device is already connected to the network, the login system will indicate this and accept the username and enhanced password (PIN + random digits). So a maximum of two logins is all that is ever required for access to any resource one controls.
  • SSH to a server/network device, or browse to a web app I control, without any login prompts.
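
One way to check the "enhanced password" (PIN + 6-digit code) described above, as an added example that is not FreedomTunnel's own code. It assumes the code is a time-based OTP per RFC 6238 (the page does not name an algorithm); the `user` record, the function names and the sample account are hypothetical.

```python
import hashlib
import hmac
import struct

DIGITS = 6   # the page's "6 digit code"
STEP = 30    # assumed TOTP time step in seconds (RFC 6238 default)


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Store only a salted, stretched hash of the PIN, never the PIN itself."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def verify_enhanced_password(password, user, now, drift=1):
    """Return the matched time counter on success, None on any failure."""
    code = password[-DIGITS:]
    if len(password) <= DIGITS or not (code.isascii() and code.isdigit()):
        return None
    pin_ok = hmac.compare_digest(hash_pin(password[:-DIGITS], user["salt"]),
                                 user["pin_hash"])
    current = int(now) // STEP
    matched = None
    # Tolerate +/- `drift` steps of clock skew between token and server.
    for counter in range(current - drift, current + drift + 1):
        if hmac.compare_digest(hotp(user["secret"], counter), code):
            matched = counter
    # Refuse codes at or below the last accepted counter (replay).
    if not pin_ok or matched is None or matched <= user["last_counter"]:
        return None
    user["last_counter"] = matched
    return matched


# Constructed sample account; the secret is the RFC 4226 test key.
SALT = b"constructed-salt"
USER = {"secret": b"12345678901234567890", "salt": SALT,
        "pin_hash": hash_pin("4821", SALT), "last_counter": -1}
```

The drift window only works if token and server clocks stay close, which is why NTP is among the pieces listed above; tracking `last_counter` is what makes each code usable once.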

Supported Authentication Clients:

  • WPA-Enterprise 802.11 users on Windows, Mac, Linux
  • Workstation OS logins on Windows, Mac, Linux
  • VPN users (IPSEC/OpenVPN)
  • Web applications (WordPress, MediaWiki, and any other apps)
