mfa, branch masterOut of band multi-factor authentication system
https://git.chudnick.com/mfa/atom?h=master2023-06-11T12:15:38ZRemoved some debug statements and better error handling2023-06-11T12:15:38ZSam Chudnicksam@chudnick.com2023-06-11T12:15:38Zurn:sha1:0ccdd42ff4a4cf8f774689ce88439821da7d14f7Wrap client loop in try catch block2023-06-11T12:14:22ZSam Chudnicksam@chudnick.com2023-06-11T12:14:22Zurn:sha1:ceddd0cb74f4404b8d743c3fce011c2c9fda4f32Add installation scripts2023-06-11T12:13:54ZSam Chudnicksam@chudnick.com2023-06-11T12:13:54Zurn:sha1:f8527f77547ef8c2bd1f94633672b674d4920f88Add Makefile2023-06-11T12:13:34ZSam Chudnicksam@chudnick.com2023-06-11T12:13:34Zurn:sha1:30cc1d47d8bb76a2f9c773503f476000d42573caCreated sample configuration file2022-07-05T00:14:55ZSam Chudnicksam@chudnick.com2022-07-05T00:14:55Zurn:sha1:f77ae63daeba678612b11a274c92c5687cc3de5fSupport both TLS encrypted sessions and plaintext sessions2022-07-05T00:03:27ZSam Chudnicksam@chudnick.com2022-07-05T00:03:27Zurn:sha1:2e840e7c381f88425952c6fa9d68e0d433084a5a
Added support for both TLS and plaintext connections. Server can accept
both types of connection simultaneously or in different combinations
(i.e encrypted client and plaintext PAM). Added options for specifying
dedicated TLS ports on server. Added --plain options for client and PAM
to force plaintext connections, default is to use encrypted connections.
Configuring encrypted client and PAM connections and plaintext server
connections allows for use of a reverse proxy setup with something like
nginx. This will avoid having to expose the MFA server directly in setups
that traverse the internet.
Added option to specify TLS ciphers2022-07-04T17:44:26ZSam Chudnicksam@chudnick.com2022-07-04T17:44:26Zurn:sha1:46564f357c175c7a01a36422307f05b543a83190
Added a command line argument and config file option to set the TLS
ciphers that the server will use. Set to Mozilla intermediate
compatibility by default.
Added options for certificate and key files2022-07-04T16:32:16ZSam Chudnicksam@chudnick.com2022-07-04T16:32:16Zurn:sha1:dbfb415edfbe1bc8db3a1272c28189785e623860
Added command line arguments and config file options to specify TLS
certificate and TLS private key files.
Implemented TLS encrypted connections2022-07-04T16:24:59ZSam Chudnicksam@chudnick.com2022-07-04T16:24:59Zurn:sha1:755d7f5f94b720b028d085cf971c5935c130dec1
Implemented TLS encrypted connections. Added command line argument and
configuration file option to accept invalid (self-signed) certificates.
Fixed a couple of unrelated issues.
Properly implemented pam_sm_setcred2022-07-03T09:46:34ZSam Chudnicksam@chudnick.com2022-07-03T09:46:34Zurn:sha1:11a4a5edb9f0e22fe8355291942ed03c9765ced5
Properly implemented pam_sm_setcred and handle any flags that may be
passed. Split running of python script and getting status into a
separate function.