https://github.com/fuzhenxin/google-authenticator-libpam-remote-verification

https://github.com/fuzhenxin/google-authenticator-libpam-remote-verification

Last synced: 2 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/fuzhenxin/google-authenticator-libpam-remote-verification
• Owner: fuzhenxin
• License: apache-2.0
• Created: 2022-05-09T02:05:34.000Z (almost 3 years ago)
• Default Branch: main
• Last Pushed: 2022-09-07T08:11:16.000Z (over 2 years ago)
• Last Synced: 2024-12-26T21:08:50.647Z (4 months ago)
• Language: C
• Size: 237 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# google-authenticator-libpam-remote-verification

The original google-authenticator-libpam verifies the code in the login server. If the server is hacked, all the secret will be lost. To improve the security for the system, the code is modified to verify the code in remote server. The code is sent to another python socket server called ClientServer through unix file. The the code then is sent to Server to verify. The Server connects with mysql to get the otp secret to verify.

## Install google-authenticator-libpam

```bash

cd google-authenticator-libpam

./bootstrap.sh

./configure

make

cp .libs/pam_google_authenticator.so /usr/lib64/security

```

## Config google-authenticator-libpam

1. The ``user`` parameter must be set in ``/etc/pam.d/sshd``

2. The ``socket`` parameter must be set to connect with ClientServer and is should be the same with ``SOCK_ADDR`` in ``config.py``

3. Other setting is the same in original google-authenticator-libpam

4. The following parameters do not work any more: secret, noskewadj, grace_period

5. Example:``auth required pam_google_authenticator.so user=otp socket=/tmp/sock1``

## Run Servers

1. Server: ``python3 OTPServer.py server`` in a verification server which can connect to mysql.

2. ClientServer: ``sudo -u username python3 OTPServer.py client`` in the login server. ``username`` should be the same with user in ``/etc/pam.d/sshd``

## OTP Utils

1. ``python3 OTPServer.py util new username`` set new otp secret the speficy user.

2. ``python3 OTPServer.py util get username`` get otp secret the speficy user.

1. ``python3 OTPServer.py util verify username otpcode`` verify the otpcode for a specific user.