Login Process

I want to wrote a 2 factor authentication script that runs after PAM authentication that texts my phone a random 6 digit number and waits for 60 seconds for me to type in the result... I have it all basically writen in my head, but I cannot for the life of me find any literature as to where to 'inject' the script.

As always, any help will be appreciated...
 
In your login script? ~/.cshrc or ~/.bashrc etc...

PAM does already have a 2FA plugin (that I use): oath-toolkit Library, tools, and PAM module for OATH authentication.
You just need an authenticator on your phone (Google, Authy, etc.)
 
I appreciate that. But, the whole point of the exercises was 2 fold. First, I wanted to get familiar enough with the login process that I CAN do it myself. Second, I don't want anything through google...
I'll look into ~.cshrc, but I was hoping for a more system wide solution. Then again, that might work well with a script I wrote that synchronizes user directories with /etc/skel.
 
Just to be clear OATH has nothing to do with google. It implements RFCs 4226 6238 among others. It's just that Google has written a free mobile app that implements TOPT. Personally I use Authy. I also tie it in with ap24-mod_authn_otp on my reverse proxy.

Good luck with your project!

Scott
 
Back
Top