From: Maxime de Roucy
Subject: [OATH-Toolkit-help] PATCH: pam_oath suid helper binary
Date: Sat, 16 Jul 2016 22:17:26 +0200
Hello,

I would like to submit some patches I made for oath-toolkit.
If you have any questions about those patches, don't hesitate to ask.

# Patch 1:

I rewrote liboath/usersfile.c to lock and modify the usersfile in place instead of creating a lock and a temporary file.

I first made these patches because I want to use pam_oath with postgres (which doesn't run as root). So I need the usersfile to have 660 permissions, owner "root" and group "oath" (postgres is a member of oath).

I took advantage of the code hacking to make some other changes and comment it.

# Patch 2 and 3:

Non-retrocompatible patches. They change the format of the userfile a bit.

Now it's like the following before the first login:

    HOTP/E/8 login password AES-key

After the first login:

    HOTP/E/8 login password AES-key OATH-counter last-otp last-otp-timestamp

# Patch 4

Create the (suid root) `oath_usersfile` helper binary to access and modify the usersfile (like pam_unix does for /etc/shadow).
That way even services without access to the usersfile can authenticate users with pam_oath.

--
Thank you in advance and regards
Maxime de Roucy
0004-pam_oath-use-helper-binary-to-access-modify-the-user.patch
Description: Text Data
0003-usersfile-fields-5-present-6-and-7-mandatory.patch
Description: Text Data
0002-different-usersfile-field-5-if-HOTP-TOTP.patch
Description: Text Data
0001-usersfile-rewrite.patch
Description: Text Data
signature.asc
Description: This is a digitally signed message part
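The in-place locking that Patch 1 describes can be sketched as follows. This is an added example, not code from the attached patches or from oath-toolkit. The function name `usersfile_replace` is hypothetical, and it assumes single-blank-separated fields with the login in the second field, as in the format quoted in the message.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: replace the line whose 2nd field equals `user` with
 * `line` (no '\n') under an exclusive fcntl() lock on the usersfile itself,
 * with no lock file and no temporary file. Returns 0, or -1 on error/no user. */
int usersfile_replace(const char *path, const char *user, const char *line)
{
    struct flock lk = { .l_type = F_WRLCK, .l_whence = SEEK_SET };
    struct stat st;
    char *old = NULL, *out = NULL, *p, *eol;
    size_t n = 0, ulen = strlen(user), llen = strlen(line);
    int rc = -1, found = 0, fd = open(path, O_RDWR);

    if (fd < 0)
        return -1;
    /* l_start = l_len = 0 covers the whole file; F_SETLKW blocks until free. */
    if (fcntl(fd, F_SETLKW, &lk) < 0 || fstat(fd, &st) < 0)
        goto done;
    old = malloc((size_t)st.st_size + 1);
    out = malloc((size_t)st.st_size + llen + 2);
    if (!old || !out || read(fd, old, (size_t)st.st_size) != st.st_size)
        goto done;
    old[st.st_size] = '\0';
    for (p = old; *p; p = eol) {
        size_t f1 = strcspn(p, " \t\n");          /* length of field 1 */
        int hit = !found && (p[f1] == ' ' || p[f1] == '\t')
                  && !strncmp(p + f1 + 1, user, ulen)
                  && strchr(" \t\n", p[f1 + 1 + ulen]); /* whole-field match */
        eol = p + strcspn(p, "\n");
        eol += (*eol == '\n');
        size_t len = hit ? llen : (size_t)(eol - p);
        memcpy(out + n, hit ? line : p, len);     /* substituted or unchanged */
        n += len;
        if (hit) { out[n++] = '\n'; found = 1; }
    }
    /* Rewrite from offset 0, then cut off any leftover tail of the old data. */
    if (found && lseek(fd, 0, SEEK_SET) == 0 && write(fd, out, n) == (ssize_t)n
        && ftruncate(fd, (off_t)n) == 0)
        rc = 0;
done:
    free(old); free(out);
    close(fd);                                    /* closing drops the lock */
    return rc;
}
```

fcntl() locks are advisory, so every reader and writer of the usersfile has to take the lock for it to protect anything. Unlike a temporary file followed by rename(), an in-place rewrite that is interrupted can leave a partially written file.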