[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP

Peter Samuelson <peter@p12n.org> writes:
> [Andrew Pollock]

>> * Package name    : libpam-barada
>>   Description     : PAM module to provide two-factor authentication based on HOTP

> I would suggest that the PAM architecture is better suited to providing
> only _one_ factor of authentication per plugin.  Does this module really
> implement two factors?  If not, you probably shouldn't claim that it
> does.

I don't know about this module in particular, but it's certainly possible
for a PAM module to provide a system interface for a two-factor
authentication system.  For example, use of a hardware smart card plus a
pass code is a two-factor authentication system, and if the PAM module
prompts the user to enter the smart card, prompts for the pass code, and
then uses the libraries to verify the pass code and the smart card, that's
a two-factor authentication system implemented in a PAM module.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: