oath-toolkit-help
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OATH-Toolkit-help] OATH toolkit PIN code support


From: Simon Josefsson
Subject: Re: [OATH-Toolkit-help] OATH toolkit PIN code support
Date: Thu, 05 May 2011 10:33:27 +0200
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/23.2 (gnu/linux)

Jean-Michel Pouré - GOOZE <address@hidden> writes:

> Dear all,
>
> We see the advancement of your project with great interest. 
>
> What happens when the OATH token is lost or stolen or used by someone
> else? In our opinion, it would be worth implementing a simple PIN code
> support in OATH toolkit, especially for PAM. 
>
> The PIN code is an additional password which is known by user.
>
> For example, if a user has one time password 123456 and PIN code is
> 7890, then user should input: 1234567890.

Hi.  This should be supported already.  The user has to enter 7890123456
though.  Check the section 'Two-factor authentication' of the PAM
"manual":

http://git.savannah.gnu.org/cgit/oath-toolkit.git/tree/pam_oath/README

I'm sure we could have better documentation and more instructions on how
to set this up.

Also, it would be nice if the PAM module instead of validating the
password against the usersfile (which is not a good storage for a
password), it would simply store the password as a PAM token and let
some other PAM module validate it.

/Simon



reply via email to

[Prev in Thread] Current Thread [Next in Thread]