mfa/server, branch masterOut of band multi-factor authentication system
https://git.chudnick.com/mfa/atom?h=master2023-06-11T12:15:38ZRemoved some debug statements and better error handling2023-06-11T12:15:38ZSam Chudnicksam@chudnick.com2023-06-11T12:15:38Zurn:sha1:0ccdd42ff4a4cf8f774689ce88439821da7d14f7Support both TLS encrypted sessions and plaintext sessions2022-07-05T00:03:27ZSam Chudnicksam@chudnick.com2022-07-05T00:03:27Zurn:sha1:2e840e7c381f88425952c6fa9d68e0d433084a5a
Added support for both TLS and plaintext connections. Server can accept
both types of connection simultaneously or in different combinations
(i.e encrypted client and plaintext PAM). Added options for specifying
dedicated TLS ports on server. Added --plain options for client and PAM
to force plaintext connections, default is to use encrypted connections.
Configuring encrypted client and PAM connections and plaintext server
connections allows for use of a reverse proxy setup with something like
nginx. This will avoid having to expose the MFA server directly in setups
that traverse the internet.
Added option to specify TLS ciphers2022-07-04T17:44:26ZSam Chudnicksam@chudnick.com2022-07-04T17:44:26Zurn:sha1:46564f357c175c7a01a36422307f05b543a83190
Added a command line argument and config file option to set the TLS
ciphers that the server will use. Set to Mozilla intermediate
compatibility by default.
Added options for certificate and key files2022-07-04T16:32:16ZSam Chudnicksam@chudnick.com2022-07-04T16:32:16Zurn:sha1:dbfb415edfbe1bc8db3a1272c28189785e623860
Added command line arguments and config file options to specify TLS
certificate and TLS private key files.
Implemented TLS encrypted connections2022-07-04T16:24:59ZSam Chudnicksam@chudnick.com2022-07-04T16:24:59Zurn:sha1:755d7f5f94b720b028d085cf971c5935c130dec1
Implemented TLS encrypted connections. Added command line argument and
configuration file option to accept invalid (self-signed) certificates.
Fixed a couple of unrelated issues.
Fixed issue caused by non-static database location2022-07-03T09:45:21ZSam Chudnicksam@chudnick.com2022-07-03T09:45:21Zurn:sha1:ce3c9f1e849b871db2fa91b5aa030e8ea471a7ca
Pass database location as argument where needed now that location is not
static.
Read options from config file and more2022-07-02T19:45:09ZSam Chudnicksam@chudnick.com2022-07-02T19:45:09Zurn:sha1:a9b5d5eb0fe72931757d3d989ec0a74986f36315
Read options from standardized configuration file but still prioritize command line options. Added several more commands:
--get-app - list provisioned applications, can be filtered by additionally specifying any of --user,--host,--service,--alias
--delete-client - delete a provisioned client
--delete-app - delete a provisioned application, works the same way as --get-app so calling just --delete-app would request to delete all applications (confirmation is always requested first)
Modified --add-client to accept arguments directly. Multiple aliases can be specified for bulk provisioning (--delete-client works the same way). Change --get-client so that no additional options lists all clients. Do not show TOTP secret by default and require --show-secret to do so.
Read options from config file2022-07-02T19:35:50ZSam Chudnicksam@chudnick.com2022-07-02T19:35:50Zurn:sha1:8472b394ee44cd46cc36fd4fe0a4882364cab602
Set a standardized configuration file location and read options from
there. Allow for specifiying alternate location on command line.
Options can still be specified on the command line, and any command line
options take priority over those given in the configuration file.
Added support for TOTP2022-06-30T08:25:26ZSam Chudnicksam@chudnick.com2022-06-30T08:25:26Zurn:sha1:01c24eb1f6f6a54bb780940c7665acd280b42aaf
Added TOTP as an MFA option. Also made a couple of of minor changes.
Changed all database connections to use with statement. Read some
options from a config file.
Initial commit2022-06-28T00:41:01ZSam Chudnicksam@chudnick.com2022-06-28T00:41:01Zurn:sha1:570d0da295f3e2fcd7b8c80ae2e6c42fc365abdd