Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user

From: Tim Eggleston
Subject: Re: [OATH-Toolkit-help] pam_oath and multiple tokens for a user
Date: Sun, 17 Jun 2012 15:31:32 +0100

Hi Simon,

That sounds brilliant, thanks so much! I will get testing as soon as possible and come back to you with any feedback.

As a side note, I understand how you feel about the userfile concept, but I think for a lot of smaller/personal setups it might make more sense than having to implement something heavyweight like LDAP or a database (unless it was something like sqlite, I guess) to maintain state. Personally, I have pam_oath working on one machine as a test -- soon to be 4-6 others if the multiple-tokens thing works! ;-) -- and I couldn't be happier with how the whole thing is architected.

Thanks again!

 -- Tim


On 2012-06-17 00:06, Simon Josefsson wrote:

Tim, Fredrik,

Please try 1.12.4 which should support multiple lines with different
OATH secrets for a particular user.  So for example consider if you have
two devices with different secrets and you want both to permit access,
then you would have two different lines in the usersfile like this:

HOTP/E	user	-	333333
HOTP/E	user	-	444444

State should be kept per-device on each line.

The implementation uses my first idea, which isn't completely rock
solid, but neither is the entire usersfile concept.  It is a
quick'n'dirty solution that works in smaller environments.

I'd be very interested in hearing whether you managed to get it to work
or not!  I have not tested it a lot yet.  I'll delay uploading this
version to Debian for a while, to avoid unnecessary uploads in case I
made a mistake.
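
Added example (not part of either message and not OATH Toolkit's own code): a Python sketch of the behaviour described above, where every usersfile line for a user is tried and only the matching line's state advances. It assumes the secret field is hex-encoded, that an optional fifth field holds the next expected counter, and a look-ahead window of 5; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

# The two lines from the message above; tab-separated: type, user, PIN, secret.
USERSFILE = "HOTP/E\tuser\t-\t333333\nHOTP/E\tuser\t-\t444444\n"

def hotp(secret_hex, counter, digits=6):
    """RFC 4226 HOTP for a hex-encoded secret (assumed usersfile encoding)."""
    key = bytes.fromhex(secret_hex)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse(text):
    """One record per line, so each device keeps its own counter."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Assumption: an optional fifth field holds the next expected counter.
        counter = int(fields[4]) if len(fields) > 4 else 0
        entries.append({"type": fields[0], "user": fields[1],
                        "secret": fields[3], "counter": counter})
    return entries

def authenticate(entries, user, otp, window=5):
    """Try every HOTP line for `user`; advance only the line that matched.

    Returns the index of the matching line, or None if no device matched.
    """
    for index, entry in enumerate(entries):
        if entry["user"] != user or not entry["type"].startswith("HOTP"):
            continue
        first = entry["counter"]
        for counter in range(first, first + window + 1):
            if hmac.compare_digest(hotp(entry["secret"], counter), otp):
                entry["counter"] = counter + 1  # replay of this OTP now fails
                return index
    return None

if __name__ == "__main__":
    devices = parse(USERSFILE)
    print(authenticate(devices, "user", hotp("444444", 0)), devices)
```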



