Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
pam with mobile otp
58 views
Skip to first unread message
Gergely Buday
Feb 8, 2012, 8:18:57 AM2/8/12
to
Hi there,
as there is no mailing list devoted to the mobile one-time-password
package, I have thought it was good to post my questions here.
http://motp.sourceforge.net/
http://www.worksinmymind.com/blog/?p=1083
I get
pam_mobile_otp[23810]: passcode not accepted
messages in /var/log/messages, but that is all. Even I set max
maxdiff=36000 to auth, but to no avail.
I have set in /etc/pam.d/sshd the following:
#%PAM-1.0
auth sufficient /lib64/security/pam_mobile_otp.so not_set_pass
debug maxdiff=36000
password required /lib64/security/pam_mobile_otp.so debug
account required /lib64/security/pam_mobile_otp.so debug
#auth required pam_sepermit.so
#auth substack password-auth
#auth include postlogin
#account required pam_nologin.so
#account include password-auth
#password include password-auth
## pam_selinux.so close should be the first session rule
#session required pam_selinux.so close
#session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be
executed in the user context
#session required pam_selinux.so open env_params
#session optional pam_keyinit.so force revoke
#session include password-auth
#session include postlogin
I have commented out all default settings as I wanted to experiment
with only mobile otp. Was it a mistake?
Otherwise, I followed the blog post and found that the epoch
difference between my mobile and the server is 11, which should be
acceptable even with the default time window.
So, anybody has a clue how to continue?
- Gergely
as there is no mailing list devoted to the mobile one-time-password
package, I have thought it was good to post my questions here.
http://motp.sourceforge.net/
http://www.worksinmymind.com/blog/?p=1083
I get
pam_mobile_otp[23810]: passcode not accepted
messages in /var/log/messages, but that is all. Even I set max
maxdiff=36000 to auth, but to no avail.
I have set in /etc/pam.d/sshd the following:
#%PAM-1.0
auth sufficient /lib64/security/pam_mobile_otp.so not_set_pass
debug maxdiff=36000
password required /lib64/security/pam_mobile_otp.so debug
account required /lib64/security/pam_mobile_otp.so debug
#auth required pam_sepermit.so
#auth substack password-auth
#auth include postlogin
#account required pam_nologin.so
#account include password-auth
#password include password-auth
## pam_selinux.so close should be the first session rule
#session required pam_selinux.so close
#session required pam_loginuid.so
## pam_selinux.so open should only be followed by sessions to be
executed in the user context
#session required pam_selinux.so open env_params
#session optional pam_keyinit.so force revoke
#session include password-auth
#session include postlogin
I have commented out all default settings as I wanted to experiment
with only mobile otp. Was it a mistake?
Otherwise, I followed the blog post and found that the epoch
difference between my mobile and the server is 11, which should be
acceptable even with the default time window.
So, anybody has a clue how to continue?
- Gergely
Dag-Erling Smørgrav
Feb 8, 2012, 8:38:02 AM2/8/12
to
Gergely Buday <gbu...@gmail.com> writes:
> as there is no mailing list devoted to the mobile one-time-password
> package, I have thought it was good to post my questions here.
>
> http://motp.sourceforge.net/
Not quite what you asked for, but have you considered Google
> as there is no mailing list devoted to the mobile one-time-password
> package, I have thought it was good to post my questions here.
>
> http://motp.sourceforge.net/
Authenticator instead?
http://code.google.com/p/google-authenticator/
DES
--
Dag-Erling Smørgrav - d...@des.no
Gergely Buday
Feb 8, 2012, 10:43:24 AM2/8/12
to
> Not quite what you asked for, but have you considered Google
> Authenticator instead?
>
> http://code.google.com/p/google-authenticator/
Yes, I have considered, but they support only the smartphones, while
> Authenticator instead?
>
> http://code.google.com/p/google-authenticator/
Mobile Otp works on any phone that runs the Java VM.
- Gergely
0 new messages