mfa/pam, branch masterOut of band multi-factor authentication system
https://git.chudnick.com/mfa/atom?h=master2023-06-11T12:15:38ZRemoved some debug statements and better error handling2023-06-11T12:15:38ZSam Chudnicksam@chudnick.com2023-06-11T12:15:38Zurn:sha1:0ccdd42ff4a4cf8f774689ce88439821da7d14f7Support both TLS encrypted sessions and plaintext sessions2022-07-05T00:03:27ZSam Chudnicksam@chudnick.com2022-07-05T00:03:27Zurn:sha1:2e840e7c381f88425952c6fa9d68e0d433084a5a
Added support for both TLS and plaintext connections. Server can accept
both types of connection simultaneously or in different combinations
(i.e encrypted client and plaintext PAM). Added options for specifying
dedicated TLS ports on server. Added --plain options for client and PAM
to force plaintext connections, default is to use encrypted connections.
Configuring encrypted client and PAM connections and plaintext server
connections allows for use of a reverse proxy setup with something like
nginx. This will avoid having to expose the MFA server directly in setups
that traverse the internet.
Implemented TLS encrypted connections2022-07-04T16:24:59ZSam Chudnicksam@chudnick.com2022-07-04T16:24:59Zurn:sha1:755d7f5f94b720b028d085cf971c5935c130dec1
Implemented TLS encrypted connections. Added command line argument and
configuration file option to accept invalid (self-signed) certificates.
Fixed a couple of unrelated issues.
Properly implemented pam_sm_setcred2022-07-03T09:46:34ZSam Chudnicksam@chudnick.com2022-07-03T09:46:34Zurn:sha1:11a4a5edb9f0e22fe8355291942ed03c9765ced5
Properly implemented pam_sm_setcred and handle any flags that may be
passed. Split running of python script and getting status into a
separate function.
Renamed PAM python script. Slightly improved error handling2022-07-03T09:44:11ZSam Chudnicksam@chudnick.com2022-07-03T09:44:11Zurn:sha1:2e580433e66fd785508ab739e7fec188ba3a0761Add simple Makefile2022-07-02T20:03:15ZSam Chudnicksam@chudnick.com2022-07-02T20:03:15Zurn:sha1:5d78a10379454946fa3fee8eb6513054f2266172More robust error handling. Updated pam_sm_setcred.2022-07-02T20:01:52ZSam Chudnicksam@chudnick.com2022-07-02T20:01:52Zurn:sha1:c553506a3af32e15391de30fa32ac332ef8250a6
Handle issues with getting data from PAM more robustly. Change
pam_sm_setcred to return PAM_SUCCESS for now.
Read options from config file2022-07-02T19:35:50ZSam Chudnicksam@chudnick.com2022-07-02T19:35:50Zurn:sha1:8472b394ee44cd46cc36fd4fe0a4882364cab602
Set a standardized configuration file location and read options from
there. Allow for specifiying alternate location on command line.
Options can still be specified on the command line, and any command line
options take priority over those given in the configuration file.
Added support for TOTP2022-06-30T08:25:26ZSam Chudnicksam@chudnick.com2022-06-30T08:25:26Zurn:sha1:01c24eb1f6f6a54bb780940c7665acd280b42aaf
Added TOTP as an MFA option. Also made a couple of of minor changes.
Changed all database connections to use with statement. Read some
options from a config file.
Initial commit2022-06-28T00:41:01ZSam Chudnicksam@chudnick.com2022-06-28T00:41:01Zurn:sha1:570d0da295f3e2fcd7b8c80ae2e6c42fc365abdd