x-itec / mod-authn-otp

Automatically exported from code.google.com/p/mod-authn-otp
Apache License 2.0
0 stars 0 forks source link

Adding possibiliy to check PIN against SASLauthd rather than users_file #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
First thanks a lot for your work.
Second, we use your work for securing the external access to our intranet. 
We use an ldap directory for all the accounts.
Inside users are authenticated/authorized with mod_authnz_ldap, but outside 
users need now to connect with user / original password + OTP.
My problem was to keep the password in the users_file syncronized with our ldap 
directory, so I made a small patch wich adds the fonctionality to check the PIN 
code as the password with saslauthd.

for doing that I added 2 config settings:
OTPSASLPwdCheck On enables the PIN checking against saslauthd
   default value Off -PIN checking is with users files

OTPSASLRunDir contains the path of the saslauthd unix socket "mux"
   default value to /var/run/sasl2 wich is the correct path for openSUSE 11.3

currently in the users file you can put what you want in the PIN field (except 
obviously "-" ) personnaly I use "SASL". Note that the lenght is not important.

I attach my patch, after applying it you need to do a:
touch ChangeLog
touch AUTHORS
autoreconf -fi
before building the mod_authn_otp.so module

I attached the patch and the src.rpm for openSUSE 11.3 

Original issue reported on code.google.com by gronan.r...@gmail.com on 17 Mar 2011 at 8:52

Attachments:

GoogleCodeExporter commented 9 years ago
This is now fixed in version 1.1.2 via the new OTPAuthPINAuthProvider 
configuration directive. There is a mod_authn_sasl out there that will then do 
what you want: http://mod-authn-sasl.sourceforge.net/

Original comment by archie.c...@gmail.com on 22 Mar 2011 at 10:56