[OATH-Toolkit-help] Bug#807992: Bug#807992: per user oath files

[Antoine Beaupré]

On 2015-12-16 06:21:01, Ilkka Virta wrote:
> A problem with doing that, is that anything that runs with the user's 
> permissions could trivially read the secret key from the user's home 
> directory. With SSH keys it's not a problem, since they are _public_ 
> keys. Plus, a user could do something stupid, like resetting the OTP 
> counter on every login, so they wouldn't need to use a pesky changing 
> password, but instead use the same one always...
>
> I think some unix-like systems have per-user password files under /etc, 
> so that they don't need setuid-root helpers to access them, but there 
> still is some program to sanity check the password the user tries to 
> set. (a setgid helper plus some trickery with file and directory 
> permissions.) Doing something like that would simplify the backend, but 
> of course you'd still need a helper application to access the files.

Right, you are right of course. I do think it's critical to keep that
file from being readable from random apps. The format *is* also a little
brittle so it seems important to have standardized access as well...

Maybe having a system similar to shadow passwords would be necessary
here: there could be a secret file that can only be read by root (or
with the right caps) and would need a special tool (oath.passwd?) to
reset.

so harder than i thought...

a.
-- 
Si l'image donne l'illusion de savoir
C'est que l'adage pretend que pour croire,
L'important ne serait que de voir
                        - Lofofora