Separate configuration from living data in the PAM module #166

ThomasHabets · 2014-10-10T08:06:42Z

Original issue 167 created by raphink on 2012-04-21T09:02:48.000Z:

Currently, the PAM module relies on one file per user: ~/.google_authenticator.

While this is simple, it mixes the configuration and living data in one file. The problem I have is when deploying this file on machines automatically: the file I deploy is a configuration file, containing the secret key, parameters and scratch codes available.

If for example I use one of the scratch codes, the file gets modified, but the configuration manager (puppet for example) will replace it with the same scratch codes next time it runs.

Ideally, the PAM module would use two files:

One for static configuration (secret key, parameters, scratch codes);
One for living data (used scratch codes, timestamps for rate limit, etc.).

ThomasHabets · 2016-11-09T10:19:16Z

This issue was moved to google/google-authenticator-libpam#35

ThomasHabets assigned google Oct 10, 2014

ThomasHabets added Type-Defect Priority-Medium libpam Type-Enhancement and removed Type-Defect labels Oct 10, 2014

ThomasHabets unassigned google Oct 10, 2014

ThomasHabets added enhancement and removed Type-Enhancement labels Jun 30, 2015

ThomasHabets mentioned this issue Nov 9, 2016

Separate configuration from living data in the PAM module google/google-authenticator-libpam#35

Open

ThomasHabets closed this as completed Nov 9, 2016

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Separate configuration from living data in the PAM module #166

Separate configuration from living data in the PAM module #166

ThomasHabets commented Oct 10, 2014

ThomasHabets commented Nov 9, 2016

Separate configuration from living data in the PAM module #166

Separate configuration from living data in the PAM module #166

Comments

ThomasHabets commented Oct 10, 2014

ThomasHabets commented Nov 9, 2016