| 1 |
PAM module for FreeAuth |
|---|
| 2 |
-------------------------------- |
|---|
| 3 |
|
|---|
| 4 |
FreeAuth is a solution for strong two factor authentication. |
|---|
| 5 |
See http://www.freeauth.org/ for more details. |
|---|
| 6 |
|
|---|
| 7 |
FreeAuth is based on code originally developed for Mobile OTP |
|---|
| 8 |
however Mobile OTP suffered several problems and was improved |
|---|
| 9 |
upon to over come these weaknesses. |
|---|
| 10 |
|
|---|
| 11 |
Go to http://motp.sf.net for the orginal versions. |
|---|
| 12 |
|
|---|
| 13 |
PLATFORMS |
|---|
| 14 |
~~~~~~~~~ |
|---|
| 15 |
|
|---|
| 16 |
The PAM module for FreeAuth was developed and tested for |
|---|
| 17 |
- Linux Ubuntu 6.06 and 7.04 |
|---|
| 18 |
|
|---|
| 19 |
INSTALLATION |
|---|
| 20 |
~~~~~~~~~~~~ |
|---|
| 21 |
|
|---|
| 22 |
Supported module types are "auth" and "password". |
|---|
| 23 |
|
|---|
| 24 |
For installation you must: |
|---|
| 25 |
|
|---|
| 26 |
1. Think about what you are going to do. Especially read the |
|---|
| 27 |
documentation about FreeAuth. And you should know what PAM |
|---|
| 28 |
is and how it works ... |
|---|
| 29 |
|
|---|
| 30 |
2. Copy sample configuration file "freeauth.conf" into /etc/security. |
|---|
| 31 |
Set file permission to rw-------. |
|---|
| 32 |
|
|---|
| 33 |
3. Insert lines like |
|---|
| 34 |
auth requisite /lib/security/pam_freeauth.so not_set_pass |
|---|
| 35 |
and |
|---|
| 36 |
password required /lib/security/pam_freeauth.so debug |
|---|
| 37 |
into your pam config file, e. g. /etc/pam.d/common-auth |
|---|
| 38 |
|
|---|
| 39 |
4. Copy pam_freeauth.so to /lib/security. |
|---|
| 40 |
|
|---|
| 41 |
5. Create the directory /var/cache/freeauth. |
|---|
| 42 |
|
|---|
| 43 |
6. Try to log in with FreeAuth _before_ finishing your actual session. |
|---|
| 44 |
|
|---|
| 45 |
|
|---|
| 46 |
|
|---|
| 47 |
CONFIGURATION |
|---|
| 48 |
~~~~~~~~~~~~~ |
|---|
| 49 |
|
|---|
| 50 |
Recognized options are: |
|---|
| 51 |
|
|---|
| 52 |
auth: |
|---|
| 53 |
users=<filename> |
|---|
| 54 |
for setting a different configuration file as |
|---|
| 55 |
/etc/security/freeauth.conf |
|---|
| 56 |
|
|---|
| 57 |
cache=<dirname> |
|---|
| 58 |
for using a different cache directory. |
|---|
| 59 |
|
|---|
| 60 |
debug |
|---|
| 61 |
|
|---|
| 62 |
no_warn |
|---|
| 63 |
|
|---|
| 64 |
use_first_pass |
|---|
| 65 |
if set, the module does not ask for the passcode, but |
|---|
| 66 |
uses the password given earlier to an other module. |
|---|
| 67 |
|
|---|
| 68 |
try_first_pass |
|---|
| 69 |
if set, the module only asks for a passcode, if password |
|---|
| 70 |
was not set earlier to an other module. |
|---|
| 71 |
|
|---|
| 72 |
not_set_pass |
|---|
| 73 |
passcode will not be set as password, that can be used |
|---|
| 74 |
by other modules |
|---|
| 75 |
|
|---|
| 76 |
password: |
|---|
| 77 |
|
|---|
| 78 |
users=<filename> |
|---|
| 79 |
for setting a different configuration file as |
|---|
| 80 |
/etc/security/freeauth.conf |
|---|
| 81 |
|
|---|
| 82 |
debug |
|---|
| 83 |
|
|---|
| 84 |
no_warn |
|---|
| 85 |
|
|---|
| 86 |
|
|---|
| 87 |
|
|---|
| 88 |
|
|---|
| 89 |
KNOWN LIMITATIONS |
|---|
| 90 |
~~~~~~~~~~~~~~~~~ |
|---|
| 91 |
|
|---|
| 92 |
- Functions are not thread safe i think |
|---|
| 93 |
|
|---|
| 94 |
Any comments, bug reports, feature requests or questions please use the ticket |
|---|
| 95 |
tracker at http://www.freeauth.org |
|---|
