oath-toolkit-help

From: Patrick Strasser
Subject: [OATH-Toolkit-help] Feedback to a first install of oath-toolkit/libpam-oath
Date: Sun, 07 Jul 2013 17:09:40 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050602 Thunderbird/1.0.2 Mnenhy/0.7.2.0

Hello!

I tried oath-toolkit last week, got it working and found some issues
that I would like to share.

I was interested in running my services, like remote login with ssh,
with two-factor authentication, with OTP first, and then normal password.

Installing in Ubuntu 13.4 was straight forward, thank you for the
packages. I did not try to build from source.
On a second machine I run Debian testing, installing libpam-oath and
oathtools pulls in liboath0. Maybe libpam-oath should recommend or
suggest oathtools, it comes in handy when testing the configuration.
The README in libpam-oath is the general oath-toolkit readme. The
pam-oath README with instructions is missing.

To get the pam module working, I followed the tutorial in
pam-oath/README from the web page. Some things I noticed:

* I ran the examples with my system /etc/pam.d/su, adding the config
lines just at the beginning of the file. This gave me instant two-factor
authentication: First OTP, then standard password.

* In the section "Configuration", one line for testing plain HOTP reads:
> So let’s test this by running su. At the prompt, you type the
> password (in this example, "pw") concatenated with the OTP (in this
> example, "328482").
This worked for me without the password "pw", which is only demonstrated
in the next section. I guess this should be only the OTP.

* In the section "Two-factor authentication" an OTP with password is
demonstrated. This worked for me, but no hint is given how to generate
more of them. Moreover I wonder if this is supported by any other tools
for HOTP.

* I tried to get TOTP working, which is what I intended to use. No help
in the docs how to do this. I read up a little code, and found some
hints how this could be done. I ended up using

HOTP/T30/6 root - "MYKEYINHEX"

This was surprising for me, as I would at least have expected the line
to start with "TOTP". Most important, it's not documented, which is a
pity. <rant>I like Open Source for the possibility to look things up in
the code, but I do not like it if the code is the only source to fill
gaps in the documentation :-) Moreover code and/or comments in code is
no replacement for proper specification, technical and user
documentation.</rant>
** I'd find it more intuitive to start TOTP keys with TOTP instead of
HOTP. If a third authentication scheme is added, this issue would arise
anyway.

* The next stumbling block was the difference between hex encoding and
base32. Most tools for HOTP/TOTP I saw in the last days use base32.
Getting a hex representation of the base32 key was difficult. Finally I
found out that oathtool prints out both encodings in verbose output. But
first I had to find out that the key in /etc/users.oath has to be in hex
encoding, which was not documented. What I would have been happy about:
** documentation about the fields in users.oath, possible values and
encodings
** A possibility to state the key in base32 in /etc/users.oath
** An option in oathtool that converts both ways between base32 and hex.

Finally, this worked with Java TOTP ME 1.6 on my phone, which is what I
wanted to get running.

Some more things that caught my attention:

* /etc/users.oath is changed by libpam-oath. I think this is not good.
According to FHS 2.3 [1] files in /etc should be static. I noticed that
entries for the counter, last value and last login are stored in the
file. For sure this is necessary for running the authentication, at
least the counter. What are pros and cons to store variable data in
/var/lib?

* The counter, OTP and timestamp of the last code are stored in
/etc/users.oath. The timestamp of the last login is printed when debug
is set in pam configuration. It would be nice to get the counter and/or
the last login timestamp when logging in to check if unnoticed logins
have happened.

* Having passwords/keys in plaintext in a config file is not improving
my trust in security of this authentication scheme. I think this was
discussed on the mailing list before, still reading up. Any news on this
issue?

* Having to change a line for every key for every user that changed her
key is not going to make libpam-oath very popular. Some tool like passwd
would be nice. To handle more keys per user a key ID would be necessary.
Any plans? I guess "Code is welcome"...

One thing that also works like a charm:
I configured two OTPs for root: One TOTP and one HOTP. I'd use TOTP
usually, but when I cannot create a time based OTP I'd use a HOTP from
my OTP list. This even worked for the same number of digits if no digits
constraint is configured. Of course I would not use 6 digits HOTP when I
use 6 digit TOTP.

I would file the issues as bugs and provide patches - especially
documentation - , just wanted to report how it worked for me first.

Regards

Patrick

[1] http://refspecs.linuxfoundation.org/FHS_2.3/fhs-2.3.html#PURPOSE6
-- 
Engineers motto: cheap, good, fast - choose any two
Patrick Strasser <patrick dot wirklich dot priv dot at>
PGP Key ID: 0x5A120903
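The two stumbling blocks the post describes, converting a phone app's base32 secret into the hex form users.oath expects and checking that a "HOTP/T30/6" line really yields the same code as the phone, can be exercised offline with the following script. This is an added example, not code from the post or from oath-toolkit; it assumes the users.oath line layout quoted above and implements HOTP (RFC 4226) and TOTP (RFC 6238) with HMAC-SHA1 so an administrator can verify a key before putting it into PAM.

```python
"""Base32 <-> hex helpers and a TOTP check for a users.oath entry.

Added example, not part of the original mailing-list post or oath-toolkit.
Assumed users.oath layout (as found by the poster):  HOTP/T30/6 <user> - <hexkey>
"""
import base64
import hashlib
import hmac
import struct


def base32_to_hex(b32: str) -> str:
    """Turn the base32 secret shown by most phone apps into hex for users.oath."""
    s = b32.strip().replace(" ", "").upper()
    s += "=" * (-len(s) % 8)              # apps usually strip the '=' padding
    return base64.b32decode(s).hex()


def hex_to_base32(hexkey: str) -> str:
    """Reverse direction: hex secret from users.oath to base32 for a phone app."""
    return base64.b32encode(bytes.fromhex(hexkey)).decode().rstrip("=")


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, then truncate."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: TOTP is HOTP with counter = floor(unix_time / step)."""
    return hotp(key, unix_time // step, digits)


def users_oath_line(user: str, b32secret: str, step: int = 30, digits: int = 6) -> str:
    """Build the line the poster found to enable TOTP (HOTP/T<step>/<digits>)."""
    return f"HOTP/T{step}/{digits} {user} - {base32_to_hex(b32secret)}"


def verify_totp(b32secret: str, code: str, unix_time: int, window: int = 1) -> bool:
    """Accept the code if it matches the current step or +/- `window` steps."""
    key = bytes.fromhex(base32_to_hex(b32secret))
    return any(totp(key, unix_time + d * 30) == code
               for d in range(-window, window + 1))


if __name__ == "__main__":
    # Constructed demo secret: the RFC 4226 test key "12345678901234567890" in base32.
    demo = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
    print(users_oath_line("root", demo))
    print("TOTP at t=59:", totp(bytes.fromhex(base32_to_hex(demo)), 59))
```

Compare the printed code with what the phone app shows for the same secret and clock before enabling the PAM line, and note that the hex key is as sensitive as a password, which is the plaintext-storage concern raised above.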
