Comments (11)
Comment #1 originally posted by Abubakar.Masood on 2011-01-28T16:24:07.000Z:
I tried adding the code above in pam_google_authenticator.c. After adding, i made a new copy of google-authenticator for 1 user on ma computer, configured google-authenticator with ssh access. But it still looks like it does not allow me to access the not configured user through ssh. Anything I am missing?
from google-authenticator.
Comment #2 originally posted by valient on 2011-01-29T21:55:27.000Z:
The code is contained in an #ifdef which is not enabled by default. You'll need to add "#define ALLOW_UNCONFIGURED_USERS" to the top of the file to make it work. Or else remove the #ifdef and #endif lines from the patch..
from google-authenticator.
Comment #3 originally posted by jeremy.kitchen on 2011-02-16T20:50:58.000Z:
this patch is fine, but I think it should be a module parameter and not a compile time thing.
auth required pam_google_authenticator.so pass_if_unconfigured
something like that.
from google-authenticator.
Comment #4 originally posted by [email protected] on 2011-02-21T00:19:44.000Z:
Seems to be broken for su, on Debian Squeeze with Lenny kernel. According to strace (strace is setuid root so I can strace setuid root programs):
[...]
setfsuid32(0) = 0
setfsuid32(0) = 0
open("/root/.google_authenticator", O_RDONLY) = -1 ENOENT (No such file or directory)
[...]
access("/root/.google_authenticator", F_OK) = -1 EACCES (Permission denied)
[...]
Still trying to understand why access(...) returns EACCES instead of ENOENT. Maybe a kernel issue with my older kernel?
Everything works fine if /root/.google_authenticator exists.
from google-authenticator.
Comment #5 originally posted by valient on 2011-02-24T00:41:28.000Z:
Attached is a patch that adds two arguments to the pam module:
- "pass_unconfigured" : if this is specified, then the pam module will ignore users that do not have authenticator setup (it will return success).
- "suffix=[xxx]" : for adding a suffix to the user's homedir path. There is a separate ticket open for this, but this is how I deal with encrypted home directories.
For example, if the following is specified in a pam config file:
auth required pam_google_authenticator.so pass_unconfigured suffix=.auth
then when a user "foo" attempts to gain access, the module will look for "/home/foo.auth/.google_authenticator", and will return success if that file does not exist.
This patch is a diff of the head against my branch, so it also contains a one-line bug fix for blocked code handling.
from google-authenticator.
Comment #6 originally posted by [email protected] on 2011-02-27T23:26:09.000Z:
At quick glance, I think the patch in comment # 5 will suffer from the same problem I have in comment # 4. I just reproduced this problem on an up-to-date Ubuntu system. Still investigating.
from google-authenticator.
Comment #7 originally posted by Abubakar.Masood on 2011-02-28T15:07:19.000Z:
This problem can be solved by adding a CONFIG FILE (which could be user defined) and adding the code on the first post in an if statement which reads from the config file. I have added a config file with settings for allowing/not allowing unconfigured users and it works fine.
from google-authenticator.
Comment #8 originally posted by paul.devrieze on 2011-02-28T16:34:15.000Z:
As an alternative, I've created a patch # 32 that lets the module return various codes to the pam stack. You can then handle those in whatever way desired (including forcing the user to create the token) by leveraging pam.
from google-authenticator.
Comment #9 originally posted by [email protected] on 2011-03-09T20:26:23.000Z:
<empty>
from google-authenticator.
Comment #10 originally posted by [email protected] on 2011-03-12T02:48:47.000Z:
See issue # 24 for dealing with encrypted home directories.
from google-authenticator.
Comment #11 originally posted by fredemmott on 2011-08-20T09:00:28.000Z:
Here's a workaround:
- Save the following as /usr/local/sbin/no-google-authenticator or similar:
#!/bin/sh
HOME=$(getent passwd "${PAM_USER}" | cut -f6 -d:)
/usr/bin/test ! -e "${HOME}/.google_authenticator"
- Use the following in your PAM config:
auth [success=1 default=ignore] pam_exec.so quiet /usr/local/sbin/no-google-authenticator
auth required pam_google_authenticator.so
"[success=1 default=ignore]" means "on success, skip the next 1 auth provider (google), on failure, just pretend it didn't happen"
from google-authenticator.
Related Issues (20)
- Does not comply with RFC 6238 HOT 2
- Entering a provided key: '8' or '9' characters are invalid HOT 3
- Crap HOT 1
- Consider IANA registration of URI Scheme for otpauth? HOT 3
- Recent Update broke usage in Vysor HOT 5
- Is there any way to use this without a mobile device? HOT 2
- I Need to set QR code by base64 HOT 1
- Grouping of entries HOT 1
- No Password APP protection on IOS? HOT 1
- When I download the repo, it gives several erro missing library HOT 1
- Different behaviour between iOS and Android when opening otpauth:// urlscheme HOT 1
- Cannot transfer account without a name to a new device
- iOS App Crashes Instantly on 14.2 HOT 7
- Invalid barcode during account transfer from android to iphone HOT 11
- Face ID HOT 3
- Colors on codes
- Is that possible to use google-authenticator as a digital signature HOT 1
- Cannot Intercept QR code after transfer!! HOT 1
- AUthenticator has stopped - error on startup HOT 1
- Invalid barcode on IOS iphone HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from google-authenticator.