Skip to content
pam module that authenticates against a hmac-sha256 token
C
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
Makefile
README.md
arduino-serial.c
crackkey.c
genkey.c
hmac_sha2.c
hmac_sha2.h
mongoose.c
mongoose.h
pam_pig.c
pig.c
pig.h
pig_pen.c
pig_pen.init
sha2.c
sha2.h
test-hmac.c
test-pam.c
test.key
transmitkey.c
verifykey.c

README.md

PAM PIG

Pam module to enable PIG strong authentication

Debian

1. Pre-requisites

apt-get install build-essential git-core libpam0g-dev libcurl4-gnutls-dev libqrencode-dev libpng12-dev

2. Installation

Installing pam module

cp pam_pig.so /lib/security

Create secrets directory

mkdir -p /etc/pig/secrets
cp temp.key /etc/pig/secrets/<USER>

Configure Pam

edit /etc/pam.d/common-auth adding this before pam_unix.so

# url: URL to pig_pen server
# system_is_down: allow user to login even if pig_pen server is down
# stacked_pass: pig password appended to normal pass, and passed to next pam
auth required pam_pig.so sandwich=yes
auth required pam_unix.so nullok_secure try_first_pass
auth [success=1 default=ignore] pam_pig.so bottom=yes

OR

edit /etc/pam.d/common-auth for password then oink

auth    required        pam_unix.so try_first_pass nullok_secure                                                      
auth    [success=1 default=ignore]     pam_pig.so 

Configure SSHD

edit /etc/ssh/sshd_config and change ChallengeResponseAuthentication AND UsePAM to:

ChallengeResponseAuthentication yes
UsePAM yes

TODO

  • QR console output
  • Make a deb
  • Clean up init file
  • Sign results
  • Logging
  • Verify permissions
  • add support for base 10, and base 32 number systems
  • convert to sha512 across board
  • shift keysize 128
  • rewrite avr code
  • qr code base 64
  • experation date
  • output options
  • hashing function phone apps
  • figure out bug in qr code image generation
Something went wrong with that request. Please try again.