/linotp-auth-pam

LinOTP PAM module

Primary LanguageCGNU General Public License v2.0GPL-2.0

#
#    linotp-auth-pam - LinOTP PAM module
#    Copyright (C) 2010 - 2017 KeyIdentity GmbH
#
#    This program is free software: you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation, either version 2 of the License, or
#    (at your option) any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#    You should have received a copy of the GNU General Public License
#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
#
#     E-mail: linotp@keyidentity.com
#     Contact: www.linotp.org
#     Support: www.keyidentity.com
#


This is the LinOTP pam module, which will send the username and
password - including otp - to the LinOTP-server to verify.

Thus you can login via OTP to every service that supports pam.

copy your /etc/pam.d/common_auth to something like /etc/pam.d/linotp_auth and replace the line
   auth ...... pam_unix.so

with
   auth ...... pam_linotp.so

Now you can use the
  @include linotp_auth
in every service you want to authenticate with OTP.

Config options to be set in the pam configuration:
        url=http://localhost:5001/validate/simplecheck
        nosslhostnameverify
        nosslcertverify
        realm=<yourRealm>
        resConf=<specialResolverConfig>


Have fun.