summaryrefslogtreecommitdiff
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
* Support both TLS encrypted sessions and plaintext sessionsSam Chudnick2022-07-041-13/+61
| | | | | | | | | | | | | Added support for both TLS and plaintext connections. Server can accept both types of connection simultaneously or in different combinations (i.e encrypted client and plaintext PAM). Added options for specifying dedicated TLS ports on server. Added --plain options for client and PAM to force plaintext connections, default is to use encrypted connections. Configuring encrypted client and PAM connections and plaintext server connections allows for use of a reverse proxy setup with something like nginx. This will avoid having to expose the MFA server directly in setups that traverse the internet.
* Added option to specify TLS ciphersSam Chudnick2022-07-041-13/+37
| | | | | | Added a command line argument and config file option to set the TLS ciphers that the server will use. Set to Mozilla intermediate compatibility by default.
* Added options for certificate and key filesSam Chudnick2022-07-041-14/+26
| | | | | Added command line arguments and config file options to specify TLS certificate and TLS private key files.
* Implemented TLS encrypted connectionsSam Chudnick2022-07-041-12/+26
| | | | | | Implemented TLS encrypted connections. Added command line argument and configuration file option to accept invalid (self-signed) certificates. Fixed a couple of unrelated issues.
* Fixed issue caused by non-static database locationSam Chudnick2022-07-031-25/+34
| | | | | Pass database location as argument where needed now that location is not static.
* Read options from config file and moreSam Chudnick2022-07-021-41/+151
| | | | | | | | | | | | Read options from standardized configuration file but still prioritize command line options. Added several more commands: --get-app - list provisioned applications, can be filtered by additionally specifying any of --user,--host,--service,--alias --delete-client - delete a provisioned client --delete-app - delete a provisioned application, works the same way as --get-app so calling just --delete-app would request to delete all applications (confirmation is always requested first) Modified --add-client to accept arguments directly. Multiple aliases can be specified for bulk provisioning (--delete-client works the same way). Change --get-client so that no additional options lists all clients. Do not show TOTP secret by default and require --show-secret to do so.
* Read options from config fileSam Chudnick2022-07-021-9/+64
| | | | | | | Set a standardized configuration file location and read options from there. Allow for specifiying alternate location on command line. Options can still be specified on the command line, and any command line options take priority over those given in the configuration file.
* Added support for TOTPSam Chudnick2022-06-302-83/+134
| | | | | | Added TOTP as an MFA option. Also made a couple of of minor changes. Changed all database connections to use with statement. Read some options from a config file.
* Initial commitSam Chudnick2022-06-272-0/+359