
[OATH-Toolkit-help] PATCH: pam_oath suid helper binary


From: Maxime de Roucy
Subject: [OATH-Toolkit-help] PATCH: pam_oath suid helper binary
Date: Sat, 16 Jul 2016 22:17:26 +0200

Hello,

I would like to submit some patches I made for oath-toolkit.
If you have any questions about those patches, don't hesitate to ask.

# Patch 1:

I rewrote liboath/usersfile.c to lock and modify the usersfile in place
instead of creating a lock and a temporary file.

I first did those patches because I want to use pam_oath with postgres
(which doesn't run as root).
So I need the usersfile to have 660 permissions, owner "root" and group
"oath" (postgres is a member of oath).

I took advantage of the code hacking to make some other changes and
comment it.

# Patch 2 and 3:

Non-retrocompatible patches.

They change the format of the userfile a bit.

Now it's like the following before the first login:
        HOTP/E/8        login     password    AES-key

After the first login:
        HOTP/E/8        login     password    AES-key  OATH-counter  last-otp  last-otp-timestamp

# Patch 4

Create the (suid root) `oath_usersfile` helper binary to access and
modify the usersfile (like pam_unix does for /etc/shadow).
That way even services without access to the usersfile can authenticate
users with pam_oath.

-- 
Thank you in advance and regards
Maxime de Roucy

Attachment: 0004-pam_oath-use-helper-binary-to-access-modify-the-user.patch
Description: Text Data

Attachment: 0003-usersfile-fields-5-present-6-and-7-mandatory.patch
Description: Text Data

Attachment: 0002-different-usersfile-field-5-if-HOTP-TOTP.patch
Description: Text Data

Attachment: 0001-usersfile-rewrite.patch
Description: Text Data

Attachment: signature.asc
Description: This is a digitally signed message part
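
The lock-and-modify-in-place approach described for Patch 1, as an added example that is not code from the attached patches: it takes an exclusive `fcntl()` lock on the usersfile itself and rewrites one user's line, so the process needs write access to the file only (for instance mode 660, root:oath) and not to its directory. The function name `usersfile_update` and the choice of `fcntl()` locking are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper, not taken from the patch: replace the usersfile line
 * whose second field is `user` with `entry`, holding an exclusive fcntl()
 * lock on the file itself. No lock file or temporary file is created.
 * Returns 0 on success, -1 on I/O error or unknown user. */
int usersfile_update(const char *path, const char *user, const char *entry)
{
    struct flock lk = { .l_type = F_WRLCK, .l_whence = SEEK_SET }; /* l_len 0: whole file */
    char *in = NULL, *out = NULL, name[64];
    size_t n = 0;
    off_t len;
    int rc = -1, found = 0;
    int fd = open(path, O_RDWR);

    if (fd < 0)
        return -1;
    if (fcntl(fd, F_SETLKW, &lk) < 0)           /* block until we own the lock */
        goto done;
    len = lseek(fd, 0, SEEK_END);
    if (len < 0 || !(in = malloc(len + 1)) ||
        !(out = malloc(len + strlen(entry) + 2)) ||
        pread(fd, in, len, 0) != len)
        goto done;
    in[len] = '\0';
    for (char *p = in; *p; ) {                   /* copy lines, swapping the match */
        size_t l = strcspn(p, "\n");
        char saved = p[l];
        p[l] = '\0';
        int hit = !found && sscanf(p, "%*s %63s", name) == 1 && !strcmp(name, user);
        n += sprintf(out + n, "%s\n", hit ? entry : p);
        found |= hit;
        p += l + (saved == '\n');
    }
    if (found && pwrite(fd, out, n, 0) == (ssize_t)n &&
        ftruncate(fd, n) == 0 && fsync(fd) == 0) /* drop any stale tail, then flush */
        rc = 0;
done:
    free(in); free(out);
    close(fd);                                   /* closing the fd releases the lock */
    return rc;
}
```

Unlike writing a temporary file and renaming it, an in-place rewrite is not atomic if the process dies mid-write. The `fcntl()` lock is advisory, so it only serializes writers that also take it.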