Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 302095 - sys-auth/otpasswd One-time Passwords Authentication System (new package)
Summary: sys-auth/otpasswd One-time Passwords Authentication System (new package)
Status: CONFIRMED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages (show other bugs)
Hardware: All Linux
: High normal with 1 vote (vote)
Assignee: Default Assignee for New Packages
URL: https://savannah.nongnu.org/projects/...
Whiteboard:
Keywords:
: 292452 (view as bug list)
Depends on:
Blocks:
 
Reported: 2010-01-24 20:05 UTC by Tomasz bla Fortuna
Modified: 2010-01-24 20:42 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments
Ebuild for RC1 (otpasswd-0.5_rc1.ebuild,1.67 KB, text/plain)
2010-01-24 20:09 UTC, Tomasz bla Fortuna
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Tomasz bla Fortuna 2010-01-24 20:05:37 UTC
I. Why
I'd like this ebuild included in portage/overlay because there's no similar software available currently. I know of three other systems like this one:
- otpw
- opie (kind of outdated but popular)
- pam-ppp (software on which otpasswd ideas are based)
- pam_sotp (this one is in sunrise; it's development looks suspended) 

But I guess all are inferior to OTPasswd currently.

II. What
Idea for all of them is similar; software consist of some utility to manage "user state" and PAM module to perform authentication. After installation/configuration each time you have to log with SSH you're asked for your normal password and a one-time pad. Even if your client session is keylogged, the attacker won't have enough information to login himself.

One-time pads can be kept on printed paper cards on received via out-of-band channel communication (I use SMS).

III. Details
Ebuild info:
Tested successfully on x86 and amd64. At first I tried to fix bugs of pam-ppp and add some features but fast I decided to drop it completely and write similar system from scratch. This one after two months of coding is much more advanced and well-documented.

It needs tests but this can be helped by placing it in portage/overlay. ;)
Program was tested successfully also under FreeBSD.
Comment 1 Tomasz bla Fortuna 2010-01-24 20:09:11 UTC
Created attachment 217325 [details]
Ebuild for RC1

This ebuild installs software in most versatile way, but requiring suid-root. If this would make it harder for the ebuild to be used it might be removed. otpasswd can work without suid while keeping it's state inside user home directories.
Comment 2 Tomasz bla Fortuna 2010-01-24 20:10:53 UTC
*** Bug 292452 has been marked as a duplicate of this bug. ***