Define two factor authentication for Postgresql Server

Nima Azizzadeh <n.azizzadeh@xxxxxxxxx> · Fri, 28 Aug 2015 18:59:25 +0430

Hello,
I'm going to create two factor authentication for pgadmin server...
I'm using postgresql 9.4 with pgadmin III on Linux Mint 17.2 32bit...
I
 already have 1 password authentication but For better security, I just 
want to force 2 of them. The authentication factors could be any 
things(what user has,what user knows,where user is or what user is).
for example:
The first factor is "password(what user knows)" and the second is 
"USB device(what user has)". I need to force Postgresql to check both 
for authenticate user and connect him to the server. I send you a 
screenshot from pgAdmin server authenticate screen and I'm going to 
implement 2 factor authentication for this. I not talking about OS 
authentication. All authenticate operation should operate from 
Postgresql. 

I already try this for  login into pgAdmin  through password and USB:
I installed pamusb pakages :
sudo apt-get install pamusb-tools libpam-usb

Although I can add devices on my pamusb config file :

pamusb-conf --add-device MyDevice

and I can define pamusb users.
I added this lines to pamusb config between <users> tags :

<user id="postgres"> 
        <device>MyDevice</device> 
</user>

My guess : I think I should write module in /etc/pam.d and edit pg_hba.conf file to define login method for local users :
local     all    all          pam     pamservice=mypam
but I don't know how to write module to force both authentication methods for this(both are required).

Any help would be appreciated...

Attachment:
sc.PNG

Description: PNG image
-- 
Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin