Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
PAM Module Concept
We have the following one time password page: https://dappnode.github.io/DAppNode_OTP/
The parameters will be passed onto the url encoded using base64url
Since the parameters go after # these will never be sent to the github servers so they are resolved internally in the browser.
This website is intended to generate a random password based on the password provide by the url. For this purpose, the password sent in the url will be used as a prefix and a random number will be added after it. The web page should also generate a new and unique password each time it is accessed or refreshed.
"pass":"MC4xO2VkdTtwYXNz" -> "pass":"MC4xO2VkdTtwYXNz-902312" "pass":"MC4xO2VkdTtwYXNz" -> "pass":"MC4xO2VkdTtwYXNz-234512" "pass":"MC4xO2VkdTtwYXNz" -> "pass":"MC4xO2VkdTtwYXNz-132513" ...
Initially, the PAM module must accept any password for a user that contains the indicated prefix.
In this example any password of the form
MC4xO2VkdTtwYXNz-* will be valid for the user
So you could connect to the vpn with these passwords:
MC4xO2VkdTtwYXNz-902312 MC4xO2VkdTtwYXNz-234512 MC4xO2VkdTtwYXNz-132513 ...
The first time the user
vpn_user connects to the VPN (
MC4xO2VkdTtwYXNz-234512), the VPN must start accepting only this new password and the rest of the passwords will no longer be valid, this way you can only access with the first password that is registered in the system.