And I meant to mention how to get the code for testing:

git clone git://cosign.git.sourceforge.net/gitroot/cosign/cosign

The file is factors/pam_factor.c

andrew

On Feb 17, 2010, at 2:06 PM, Andrew Mortensen wrote:

> I've written and checked in a generic PAM-based external factor for use with
> the cosign.cgi. Because it uses PAM, this external factor should help lower
> the bar to deployment of two-factor authentication at institutions using
> cosign. I've successfully tested it with RSA's SecurID and Yubikey, a USB
> token supporting OATH-HOTP.
>
> It's not yet integrated with the rest of the build, so you'll need to
> compile it by hand for the moment. I wanted to make it available for testing
> as soon as possible. It will be available as a configure-time option in the
> next release.
>
> Please test and report bugs on SF.net.
>
> Thanks for supporting cosign.
>
> andrew
>
> --
>
> Use of the PAM external factor is fairly straightforward. Compile
> pam_factor.c with the name of your choice:
>
>     gcc -o rsatoken pam_factor.c -lpam
>
> Copy the factor to a known location, e.g., /usr/local/cosign/factors.
>
> Edit cosign.conf and add the factor:
>
>     factor /usr/local/cosign/factors/rsatoken -2 login passcode
>
> The arguments after "-2" (indicating that primary authentication is required
> before this factor can be used) are the form input field values from the
> login page which should be passed to the factor. See the cosign.conf manpage
> FACTOR section for more details.
>
> Edit /etc/pam.d/<factor_name>, in this example /etc/pam.d/rsatoken, and add
> something similar to the following:
>
>     # cosign.cgi pam external factor using RSA's SecurID
>     # pam_securid module.
>     auth required pam_securid.so
>
>     # the pam external factor always calls pam_acct_mgmt,
>     # so we need to make sure that something grants us
>     # access. pam_permit always returns success. local
>     # customizations might want to use pam_ldap, pam_group,
>     # pam_listfile, pam_localuser, or any similar module
>     # satisfying the account requirement.
>     account required pam_permit.so
>
>     # deny auth tokens and session requests, to be safe.
>     password required pam_deny.so
>     session required pam_deny.so
>
> _______________________________________________
> Cosign-discuss mailing list
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
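A check for the /etc/pam.d/<factor_name> layout described in the message above, as an added example that is not part of the original post or of cosign: it parses a service file and reports when auth is missing or permissive, when nothing satisfies the account stage the factor always calls, or when password and session are not denied. The function names and the sample file contents are constructed for illustration.

```python
import re

# Constructed sample: the rules from the post, as they would sit in /etc/pam.d/rsatoken.
SAMPLE = """\
# cosign.cgi pam external factor using RSA's SecurID
auth required pam_securid.so
account required pam_permit.so
password required pam_deny.so
session required pam_deny.so
"""

# type, control (simple keyword or [value=action ...]), module path
RULE = re.compile(r"(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_stack(text):
    """Return [(type, control, module)] for each rule in a pam.d service file."""
    rules = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = line.split("#", 1)[0].strip()              # drop comments
        m = RULE.match(line)
        if m:
            module = m.group(3).rsplit("/", 1)[-1]        # ignore directory part
            rules.append((m.group(1).lstrip("-").lower(), m.group(2), module))
    return rules

def check_factor_service(text):
    """Return findings; an empty list means the file follows the post's layout."""
    by_type = {}
    for rule_type, _control, module in parse_stack(text):
        by_type.setdefault(rule_type, []).append(module)
    findings = []
    auth = by_type.get("auth", [])
    if not auth:
        findings.append("auth: no rule, so the token is never checked here")
    if "pam_permit.so" in auth:
        findings.append("auth: pam_permit.so always succeeds, any passcode passes")
    if not by_type.get("account"):
        findings.append("account: no rule, but the factor always calls pam_acct_mgmt")
    for rule_type in ("password", "session"):
        mods = by_type.get(rule_type, [])
        if not mods or any(m != "pam_deny.so" for m in mods):
            findings.append(f"{rule_type}: not restricted to pam_deny.so")
    return findings

if __name__ == "__main__":
    for finding in check_factor_service(SAMPLE) or ["ok"]:
        print(finding)
```
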
