Re: [OATH-Toolkit-help] oath-toolkit-help Digest, Vol 9, Issue 2
From: Sergey
Subject: Re: [OATH-Toolkit-help] oath-toolkit-help Digest, Vol 9, Issue 2
Date: Sun, 5 Jun 2011 00:51:36 +0400
Concerning the Linux server question:
Linux has an authentication framework called PAM.
OATH Toolkit provides a PAM module that can be installed on any Linux server.
But the problem is that not all Linux software uses this framework. For ssh, as far as I know -
yes, but pptpd and VMview servers - no. Try to find software that uses the PAM framework,
or rewrite that software to use oathtool/oath.pam.
--------------
<@)%%>{
On 04.06.2011, at 20:00, address@hidden wrote:
> Today's Topics:
>
> 1. Is this possible to setup our own token server? (Hailu Meng)
> 2. Wrong users file format? (Jakub Mikusek)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 2 Jun 2011 16:40:08 -0500
> From: Hailu Meng <address@hidden>
> To: address@hidden
> Subject: [OATH-Toolkit-help] Is this possible to setup our own token
> server?
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi All,
>
> I'm new to OATH and OATH Toolkit. We are looking for an economical solution
> for a token server. The RSA SecurID is kind of costly. We really don't need so
> many tokens. The number should be less than 200 in the next 5 years. So could we
> install OATH Toolkit on a Linux server and use it with some OATH-compliant
> hardware token or software token? Our usage is primarily for protecting VPN,
> ssh and VMView.
>
> Do you guys think it's doable? I know scalability could be an issue, but we
> only have less than 200 tokens.
>
> Really appreciate your help.
>
> Lou
>
> ------------------------------
>
> Message: 2
> Date: Fri, 3 Jun 2011 17:05:43 +0200
> From: Jakub Mikusek <address@hidden>
> To: "address@hidden" <address@hidden>
> Subject: [OATH-Toolkit-help] Wrong users file format?
> Message-ID:
> <address@hidden>
> Content-Type: text/plain; charset="us-ascii"
>
> Gents,
>
> I've been having quite a hard time trying to make libpam_oath work - I keep
> getting an "rc -12" error (user not found) - the /etc/users.oath file format I
> ripped off from the wiki.
> If anyone could give me a hint about what I might have missed, that would be awesome
> - thanks in advance!
>
> Best regards,
> J.
>
> My current setup:
> Ubuntu 10.04 Lucid x86
>
> /etc/pam.d/su:
> auth sufficient pam_rootok.so
> auth sufficient pam_oath.so usersfile=/etc/users.oath window=10 digits=8 debug
> session required pam_env.so readenv=1
> session required pam_env.so readenv=1 envfile=/etc/default/locale
> session optional pam_mail.so nopen
> @include common-auth
> @include common-account
> @include common-session
>
> /etc/users.oath
> TOTP/T60 root - f6817671cddc98fa5e0dc399941686720681f0ff
> TOTP/T60 j.mikusek - f6817671cddc98fa5e0dc399941686720681f0ff
>
> And below output from the 'su' command:
>
> : address@hidden:~$ ;su
> [pam_oath.c:parse_cfg(118)] called.
> [pam_oath.c:parse_cfg(119)] flags 0 argc 4
> [pam_oath.c:parse_cfg(121)] argv[0]=usersfile=/etc/users.oath
> [pam_oath.c:parse_cfg(121)] argv[1]=window=10
> [pam_oath.c:parse_cfg(121)] argv[2]=digits=8
> [pam_oath.c:parse_cfg(121)] argv[3]=debug
> [pam_oath.c:parse_cfg(122)] debug=1
> [pam_oath.c:parse_cfg(123)] alwaysok=0
> [pam_oath.c:parse_cfg(124)] try_first_pass=0
> [pam_oath.c:parse_cfg(125)] use_first_pass=0
> [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath
> [pam_oath.c:parse_cfg(127)] digits=8
> [pam_oath.c:parse_cfg(128)] window=10
> [pam_oath.c:pam_sm_authenticate(157)] get user returned: root
> One-time password (OATH) for `root':
> [pam_oath.c:pam_sm_authenticate(232)] conv returned: 05261958
> [pam_oath.c:pam_sm_authenticate(292)] OTP: 05261958
> [pam_oath.c:pam_sm_authenticate(303)] authenticate rc -12 last otp Thu Jan 1 01:00:00 1970
>
> [pam_oath.c:pam_sm_authenticate(309)] One-time password not authorized to login as user 'root'
> [pam_oath.c:pam_sm_authenticate(325)] done. [Authentication failure]
> Password:
> su: Authentication failure
> : address@hidden:~$ ;
>
>
>
> ------------------------------
>
> End of oath-toolkit-help Digest, Vol 9, Issue 2
> ***********************************************
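Sergey's point above, that the pam_oath module only helps services that actually authenticate through PAM, can be checked per daemon before planning a rollout. The script below is an added example, not part of the original message or of OATH Toolkit; the function names are hypothetical, and the `ldd` check is a heuristic that misses binaries which load libpam at run time or hand authentication to another program.

```shell
#!/bin/sh
# Added example (not from the thread): can this daemon use pam_oath at all?
# Function names are hypothetical. Heuristic: a service can reach pam_oath.so
# only if its binary links libpam AND its PAM service file names the module.

# Read `ldd` output on stdin; succeed if libpam itself is a dependency.
# (libpam_misc / libpamc alone do not match.)
links_libpam() {
    grep -Eq '(^|[[:space:]/])libpam\.so(\.[0-9]+)*([[:space:]]|$)'
}

# Succeed if PAM service file $1 has an uncommented auth line for pam_oath.so.
has_oath_line() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*auth[[:space:]].*pam_oath\.so' "$1"
}

# pam_status BINARY SERVICE [PAMDIR] -> prints no-pam | pam-only | oath-enabled
pam_status() {
    bin=$1; svc=$2; dir=${3:-/etc/pam.d}
    if ! ldd "$bin" 2>/dev/null | links_libpam; then
        echo "no-pam"        # pam_oath cannot help; needs another integration
    elif has_oath_line "$dir/$svc"; then
        echo "oath-enabled"  # OTP check is part of this service's auth stack
    else
        echo "pam-only"      # PAM-aware, but no pam_oath line configured yet
    fi
}
```

Call it as `pam_status "$(command -v sshd)" sshd` for each service to be protected; a `no-pam` result corresponds to the case where Sergey suggests finding PAM-aware software or integrating oathtool directly.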