URL:
<http://savannah.nongnu.org/support/?109259>
Summary: Ability to use customized prompts
Project: OATH Toolkit
Submitted by: None
Submitted on: Tue 14 Feb 2017 06:18:10 PM UTC
Category: None
Priority: 5 - Normal
Severity: 1 - Wish
Status: None
Privacy: Public
Assigned to: None
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Operating System: GNU/Linux
_______________________________________________________
Details:
While the current prompt ("One-time password (OATH) for ...") is precise it
would be nice to override this prompt with something more generic (such as
"Validation Code:").
>From a security standpoint this also provides an additional layer of
information hiding. While not providing any real security, a clean
non-descript prompt does cover up the source of pam_oath. This also allows
for pam_oath to be dropped in as a replacement for Google Authenticator
without any impact to end users (and the "why's the prompt different?"
discussions).
Perhaps an additional variable that can be passed to pam_oath.so?
(prompt="...")
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/support/?109259>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
