oath-toolkit-help

Re: [OATH-Toolkit-help] oath-toolkit-help Digest, Vol 9, Issue 2


From: Sergey
Subject: Re: [OATH-Toolkit-help] oath-toolkit-help Digest, Vol 9, Issue 2
Date: Sun, 5 Jun 2011 00:51:36 +0400

Concerning the Linux server question:
Linux has an authentication framework called PAM.
Oath-toolkit provides a PAM module that can be installed on any Linux server.
But the problem is that not all Linux software uses this framework. For ssh, as far as I know,
yes, but pptpd and VMview servers, no. Try to find software that uses the PAM framework,
or rewrite that software to use oathtool/oath.pam.


--------------
<@)%%>{

On 04.06.2011, at 20:00, address@hidden wrote:

> Today's Topics:
> 
>   1. Is this possible to setup our own token server? (Hailu Meng)
>   2. Wrong users file format? (Jakub Mikusek)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 2 Jun 2011 16:40:08 -0500
> From: Hailu Meng <address@hidden>
> To: address@hidden
> Subject: [OATH-Toolkit-help] Is this possible to setup our own token
>    server?
> Message-ID: <address@hidden>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Hi All,
> 
> I'm new to OATH and OATH toolkit. We are looking for some economic solution
> for token server. The RSA SecurID is kind of costly. We really don't need so
> many tokens. The number should be less than 200 in next 5 years. So could we
> install oath toolkit in linux server and use it with some oath compliant
> hardware token or software token? Our usage is primarily for protecting VPN,
> ssh and VMView.
> 
> Do you guys think it's doable? I know scalability could be an issue, but we
> only have less than 200 tokens.
> 
> Really appreciate your help.
> 
> Lou
> 
> ------------------------------
> 
> Message: 2
> Date: Fri, 3 Jun 2011 17:05:43 +0200
> From: Jakub Mikusek <address@hidden>
> To: "address@hidden" <address@hidden>
> Subject: [OATH-Toolkit-help] Wrong users file format?
> Message-ID:
>    <address@hidden>
> Content-Type: text/plain; charset="us-ascii"
> 
> Gents,
> 
> I've been having quite a hard time trying to make libpam_oath work - I keep 
> getting "rc -12" error (user not found) - the /etc/users.oath file format I 
> ripped off from the wiki.
> If anyone could give me a hint what I might have missed that would be awesome 
> - thanks in advance!
> 
> Best regards,
> J.
> 
> My current setup:
> Ubuntu 10.04 Lucid x86
> 
> /etc/pam.d/su:
> auth       sufficient pam_rootok.so
> auth       sufficient pam_oath.so usersfile=/etc/users.oath window=10 digits=8 debug
> session       required   pam_env.so readenv=1
> session       required   pam_env.so readenv=1 envfile=/etc/default/locale
> session    optional   pam_mail.so nopen
> @include common-auth
> @include common-account
> @include common-session
> 
> /etc/users.oath
> TOTP/T60 root - f6817671cddc98fa5e0dc399941686720681f0ff
> TOTP/T60 j.mikusek - f6817671cddc98fa5e0dc399941686720681f0ff
> 
> And below output from the 'su' command:
> 
> : address@hidden:~$ ;su
> [pam_oath.c:parse_cfg(118)] called.
> [pam_oath.c:parse_cfg(119)] flags 0 argc 4
> [pam_oath.c:parse_cfg(121)] argv[0]=usersfile=/etc/users.oath
> [pam_oath.c:parse_cfg(121)] argv[1]=window=10
> [pam_oath.c:parse_cfg(121)] argv[2]=digits=8
> [pam_oath.c:parse_cfg(121)] argv[3]=debug
> [pam_oath.c:parse_cfg(122)] debug=1
> [pam_oath.c:parse_cfg(123)] alwaysok=0
> [pam_oath.c:parse_cfg(124)] try_first_pass=0
> [pam_oath.c:parse_cfg(125)] use_first_pass=0
> [pam_oath.c:parse_cfg(126)] usersfile=/etc/users.oath
> [pam_oath.c:parse_cfg(127)] digits=8
> [pam_oath.c:parse_cfg(128)] window=10
> [pam_oath.c:pam_sm_authenticate(157)] get user returned: root
> One-time password (OATH) for `root': 
> [pam_oath.c:pam_sm_authenticate(232)] conv returned: 05261958
> [pam_oath.c:pam_sm_authenticate(292)] OTP: 05261958
> [pam_oath.c:pam_sm_authenticate(303)] authenticate rc -12 last otp Thu Jan  1 01:00:00 1970
> 
> [pam_oath.c:pam_sm_authenticate(309)] One-time password not authorized to login as user 'root'
> [pam_oath.c:pam_sm_authenticate(325)] done. [Authentication failure]
> Password: 
> su: Authentication failure
> : address@hidden:~$ ;
> 
> 
> 
> ------------------------------
> 
> End of oath-toolkit-help Digest, Vol 9, Issue 2
> ***********************************************
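
For the users-file question quoted above, a small pre-flight check of a `users.oath` file, given here as an added example that is not part of either message nor oath-toolkit's own code. It assumes the line layout `type user pin secret` and assumes the type tokens accepted are `HOTP`, `HOTP/E`, `HOTP/T30` and `HOTP/T60`, the last three optionally suffixed `/6`, `/7` or `/8` (six digits when omitted); the function name, users and secrets are constructed for illustration.

```python
import re

# Type tokens this example ASSUMES the users-file parser accepts (not stated in
# the thread): HOTP, HOTP/E, HOTP/T30, HOTP/T60, with /6 /7 /8 after E/T30/T60.
TYPE_RE = re.compile(r"^HOTP(?:/(E|T30|T60)(?:/([678]))?)?$")
HEX_RE = re.compile(r"^(?:[0-9A-Fa-f]{2})+$")


def lint_usersfile(text, pam_digits=None):
    """Return (line_number, message) findings for a users.oath file.

    pam_digits is the digits= value from the pam_oath line, if one is set.
    """
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment-style line
        if len(fields) < 4:
            findings.append((lineno, "expected fields: type user pin secret"))
            continue
        otp_type, user, _pin, secret = fields[:4]
        match = TYPE_RE.match(otp_type)
        if match is None:
            findings.append((lineno, f"{user}: unrecognized type {otp_type!r}"))
        else:
            digits = int(match.group(2) or 6)
            if pam_digits is not None and digits != pam_digits:
                findings.append(
                    (lineno, f"{user}: type implies {digits} digits, "
                             f"PAM line says digits={pam_digits}"))
        if not HEX_RE.match(secret):
            findings.append((lineno, f"{user}: secret is not even-length hex"))
    return findings


# Constructed sample file; the secrets are placeholders, not real keys.
SAMPLE = """\
TOTP/T60 root - 00112233445566778899aabbccddeeff00112233
HOTP/T60/8 alice - 00112233445566778899aabbccddeeff00112233
HOTP/T60 bob - 00112233445566778899aabbccddeeff00112233
HOTP carol - 31323x
"""

if __name__ == "__main__":
    for lineno, message in lint_usersfile(SAMPLE, pam_digits=8):
        print(f"line {lineno}: {message}")
```

A line whose type token is not recognized is worth checking first when authentication fails with "user not found" even though the user name is present in the file.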


