|
From: | Tim Eggleston |
Subject: | Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user |
Date: | Sun, 17 Jun 2012 15:31:32 +0100 |
User-agent: | Roundcube Webmail/0.8-rc |
Hi Simon, That sounds brilliant, thanks so much! I will get testing as soon as possible and come back to you with any feedback. As a side note, I understand how you feel about the userfile concept, but I think for a lot of smaller/personal setups it might make more sense than having to implement something heavyweight like LDAP or a database (unless it was something like sqlite, I guess) to maintain state. Personally, I have pam_oath working on one machine as a test -- soon to be 4-6 others if the multiple-tokens thing works! ;-) -- and I couldn't be happier with how the whole thing is architected. Thanks again! -- Tim
On 2012-06-17 00:06, Simon Josefsson wrote: Tim, Fredrik, Please try 1.12.4 which should support multiple lines with different OATH secrets for a particular user. So for example consider if you have two devices with different secrest and you want both to permit access, then you would have two different lines in the usersfile like this: HOTP/E user - 333333 HOTP/E user - 444444 State should be kept per-device on each line. The implementation uses my first idea, which isn't completely rock solid, but neither is the entire usersfile concept. It is a quick'n'dirty solution that works in smaller environments. I'd be very interested in hearing whether you managed to get it to work or not! I have not tested it alot yet. I'll delay uploading this version to Debian for a while, to avoid unnecessarily uploads in case I made a mistake. /Simon |
[Prev in Thread] | Current Thread | [Next in Thread] |