rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-01-19 07:52:23 +01:00
Code Issues Projects Releases Wiki Activity

Add new key parameter to set verification key.

Browse Source
This commit is contained in:
Simon Josefsson 2009-05-11 10:05:20 +00:00
parent b6d7807da7
commit 246253c379
3 changed files with 30 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
README
View File

@ -91,8 +91,12 @@ For more information, see the project Wiki page.
Supported PAM module parameters are:
{{{
"id": to indicate your client identity,
"debug": to enable debug output to stdout,
"id": to indicate your client identity.
"key": to indicate your client key in base64 format.
"debug": to enable debug output to stdout.
"alwaysok": to enable that all authentication attempts should succeed
(aka presentation mode).
@ -110,10 +114,15 @@ Supported PAM module parameters are:
"url": specify the URL template to use, this is set by calling
yubikey_client_set_url_template, which uses by default:
http://api.yubico.com/wsapi/verify?id=%d&otp=%s
"ldapserver": specifiy the ldap server host (default ldap port is used)
"ldapdn": specify the dn where the users are stored (eg: ou=users,dc=domain,dc=com)
"user_attr": specify the attribute used to store usernames (eg:cn)
"yubi_attr": specify the attribute used to store the yubikey id
"ldapserver": specifiy the ldap server host (default ldap port is used).
"ldapdn": specify the dn where the users are stored
(eg: ou=users,dc=domain,dc=com).
"user_attr": specify the attribute used to store usernames (eg:cn).
"yubi_attr": specify the attribute used to store the yubikey id.
}}}
If you are using "debug" you may find it useful to create a

5
configure.ac
View File

@ -40,7 +40,6 @@ AC_CHECK_HEADERS([security/pam_appl.h], [],
AC_CHECK_HEADERS([security/pam_modules.h security/_pam_macros.h], [], [],
[#include <security/pam_appl.h>])
AC_ARG_WITH([ldap],
[AS_HELP_STRING([--without-ldap],
[disable support for ldap])],
@ -60,9 +59,9 @@ AC_ARG_WITH([ldap],
AC_LIB_HAVE_LINKFLAGS([ykclient],, [#include <ykclient.h>],
[ykclient_init (0);])
[ykclient_set_client_b64 (0, 0, 0);])
if test "$ac_cv_libykclient" != yes; then
AC_MSG_ERROR([[Libykclient not found, get it from http://code.google.com/p/yubico-c-client/]])
AC_MSG_ERROR([[Libykclient v2.3+ required, see http://code.google.com/p/yubico-c-client/]])
fi
AC_SUBST(PAMDIR, "\$(exec_prefix)/lib/security")

17
pam_yubico.c
View File

@ -70,7 +70,6 @@
#define PORT_NUMBER LDAP_PORT
#endif
#ifndef PAM_EXTERN
#ifdef PAM_STATIC
#define PAM_EXTERN static
@ -79,8 +78,6 @@
#endif
#endif
#include <sys/types.h>
#include <pwd.h>
@ -306,6 +303,7 @@ authorize_user_token_ldap (const char *ldapserver,
struct cfg
{
int client_id;
char *client_key;
int debug;
int alwaysok;
int try_first_pass;
@ -339,6 +337,8 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
{
if (strncmp (argv[i], "id=", 3) == 0)
sscanf (argv[i], "id=%d", &cfg->client_id);
if (strncmp (argv[i], "key=", 4) == 0)
cfg->client_key = (char *) argv[i] + 4;
if (strcmp (argv[i], "debug") == 0)
cfg->debug = 1;
if (strcmp (argv[i], "alwaysok") == 0)
@ -368,6 +368,7 @@ parse_cfg (int flags, int argc, const char **argv, struct cfg *cfg)
for (i = 0; i < argc; i++)
D (("argv[%d]=%s", i, argv[i]));
D (("id=%d", cfg->client_id));
D (("key=%s", cfg->client_key ? cfg->client_key : "(null)"));
D (("debug=%d", cfg->debug));
D (("alwaysok=%d", cfg->alwaysok));
D (("try_first_pass=%d", cfg->try_first_pass));
@ -437,7 +438,15 @@ pam_sm_authenticate (pam_handle_t * pamh,
goto done;
}
ykclient_set_client (ykc, cfg.client_id, 0, NULL);
rc = ykclient_set_client_b64 (ykc, cfg.client_id, cfg.client_key);
if (rc != YKCLIENT_OK)
{
DBG (("ykclient_set_client_b64() failed (%d): %s",
rc, ykclient_strerror (rc)));
retval = PAM_AUTHINFO_UNAVAIL;
goto done;
}
if (cfg.url)
ykclient_set_url_template (ykc, cfg.url);