| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for both TLS and plaintext connections. Server can accept
both types of connection simultaneously or in different combinations
(i.e encrypted client and plaintext PAM). Added options for specifying
dedicated TLS ports on server. Added --plain options for client and PAM
to force plaintext connections, default is to use encrypted connections.
Configuring encrypted client and PAM connections and plaintext server
connections allows for use of a reverse proxy setup with something like
nginx. This will avoid having to expose the MFA server directly in setups
that traverse the internet.
|
| |
|
|
|
|
| |
Added a command line argument and config file option to set the TLS
ciphers that the server will use. Set to Mozilla intermediate
compatibility by default.
|
| |
|
|
|
| |
Added command line arguments and config file options to specify TLS
certificate and TLS private key files.
|
| |
|
|
|
|
| |
Implemented TLS encrypted connections. Added command line argument and
configuration file option to accept invalid (self-signed) certificates.
Fixed a couple of unrelated issues.
|
| |
|
|
|
|
| |
Properly implemented pam_sm_setcred and handle any flags that may be
passed. Split running of python script and getting status into a
separate function.
|
| |
|
|
|
| |
Pass database location as argument where needed now that location is not
static.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
Handle issues with getting data from PAM more robustly. Change
pam_sm_setcred to return PAM_SUCCESS for now.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Read options from standardized configuration file but still prioritize command line options. Added several more commands:
--get-app - list provisioned applications, can be filtered by additionally specifying any of --user,--host,--service,--alias
--delete-client - delete a provisioned client
--delete-app - delete a provisioned application, works the same way as --get-app so calling just --delete-app would request to delete all applications (confirmation is always requested first)
Modified --add-client to accept arguments directly. Multiple aliases can be specified for bulk provisioning (--delete-client works the same way). Change --get-client so that no additional options lists all clients. Do not show TOTP secret by default and require --show-secret to do so.
|
| |
|
|
|
|
|
| |
Set a standardized configuration file location and read options from
there. Allow for specifiying alternate location on command line.
Options can still be specified on the command line, and any command line
options take priority over those given in the configuration file.
|
| |
|
|
|
|
| |
Added TOTP as an MFA option. Also made a couple of of minor changes.
Changed all database connections to use with statement. Read some
options from a config file.
|
| |
|
