Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (pypi.python.org).
Help us improve Python packaging - Donate today!

Pam module to authenticate users using HOTP token.

Project Description

libpam-hotp is a PAM (Pluggable Authentication Modules) module written in Python to authenticate users using an OTP (One Time Password) generated with the HOTP algorithm.

1. Installation

libpam-hotp depend of libpam-python which is packaged into all major distro. The module have been tested with Python 2.6, maybe it also work with 2.5, and certainly with 2.7 version.

After installing the dependencies, you can drop pam_hotp.py into /lib/security directory.

Next step is to setup PAM, and create a file with all your token seeds.

2. Configuration of PAM

libpam-hotp use libpam-python, the latter is actually the called module for PAM, thereby, your rule line will look like this:

auth [POLICY] pam_python.so pam_hotp.py [OPTIONS]

Available options are:

  • file: path to file that store user login - secret seeds mapping (default to /etc/hotp).

Example:

auth sufficient pam_python.so pam_hotp.py file=/etc/hotp_ssh

NOTE: This module only provide the AUTH mecanism.

3. Seeds file:

Seed file store the mapping between an user login and the secret seed code of user’s token.

Each line of this file is an association, each field is separated by an “:” char. The three first fields are mandatory:

  • User login
  • Secret seed code (encoded in hexadecimal form)
  • The number of seconds for a period (see your token datasheet)

You can add two additionals fields:

  • The maximum allowed number of drift periods
  • An hash, used to prompt an additionnal password to the user.

The hash is encoded with it salt with this format: SALT$HASH, hash function is SHA1(CONCAT(PASSWORD, SALT)).

Example:

Here is a complete example for the user stallman, with a token-period of 30 seconds, a maximum drift of 3 periods, and an additionnal password “richard”:

stallman:11223344556677889900AABBCCDDEEFF:30:3:6jsd3$1b6a67161e1cca2b1cd014c59b5bc907435cf8e7
Release History

Release History

This version
History Node

0.1

Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
libpam_hotp-0.1-py2.6.egg (2.1 kB) Copy SHA256 Checksum SHA256 2.6 Egg Oct 21, 2010
libpam_hotp-0.1.tar.gz (2.3 kB) Copy SHA256 Checksum SHA256 Source Oct 21, 2010

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting