mobile otp and pam

To: debian-security@lists.debian.org
Subject: mobile otp and pam
From: Gergely Buday <gbuday@gmail.com>
Date: Thu, 9 Feb 2012 15:59:31 +0100
Message-id: <CA+3iOz=CbUwqTMbsHmi3v6OF_t5TfOLq2hA=ho2GWQif1LQatA@mail.gmail.com>

Hi,

I hope to find some pam experts who can help me fixing this.

http://www.worksinmymind.com/blog/?p=1083

writes that I need to add

auth  sufficient /lib/security/pam_mobile_otp.so not_set_pass
password required /lib/security/pam_mobile_otp.so debug
account required /lib/security/pam_mobile_otp.so

to my /etc/pam.d/sshd to enable authentication with a mobile
phone-based one-time-password. My question is: what do I need beside
this to make it work? Do I need a session line? It seems that I should
remove the standard password mechanisms since I want to enable login
_only_ with this mobile otp scheme.

Testing this it seemed that pam accepts the good passcode and refuses
the bad, just it does not let me in in the former case - with the
above lines only in /etc/pam.d/sshd

I use fedora but I thought I will find pam expertise here.

- Gergely

Reply to:

Prev by Date: Re: how to fix rootkit?
Next by Date: Re: how to fix rootkit?
Previous by thread: Re: how to fix rootkit?
Next by thread: request CVE for vdrtestleak
Index(es):
- Date
- Thread