Steffen Weber wrote:
> Hello,
>
> I'm wondering whether there exists a module that makes it possible to
> grant authentication based upon the return value of an external program.
>
> I know that in general it is not such a great idea to rely upon an
> external program, but for not-critical services like for example FTP
> being able to implement the authentication backend in PHP, Python or
> whatever would be great.
>
> Steffen

Steffen:

I'm not 100% sure I understand your question, but this is essentially what we do with our strong authentication system. It is a software token, but unlike most, it uses public key encryption to send a PIN to the authentication server. If the PIN, encryption and account check out, a one-time passcode is generated and returned to the user.

We have done a number of how-tos that use PAM to authenticate users to webmail, FreeNX, SSH, OpenVPN, etc. - all the usual suspects. We have support for PHP, Python, Ruby, Java, TACACS+, LDAP, etc. All are available at the SourceForge site: http://sourceforge.net/projects/wikid-twofactor/. The open source release is very Redhat/Fedora-oriented at this time. We're working on making it less so.

What do you mean by 'not such a great idea'? I would think that, for example, by using public/private keys and validating the second factor (the PIN) on a secure, remote server that it is more secure than using just public keys, which might not be secured by a password.

HTH,

Nick

--
Nick Owen
WiKID Systems, Inc.
Open Source Two-factor Authentication
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
http://sourceforge.net/projects/wikid-twofactor/

_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list