tauceti2/pam_oauth2_device

PAM module OAuth2 Device flow

PAM module for OAuth 2.0 Device flow

Instalation (Ubuntu 16.04)

Read before copy-paste

apt install python python-requests python-qrcode libpam-python python-pip
pip install pyyaml
mkdir /lib/security
cp src/pam_oauth2_device.py /lib/security/
vim /etc/pam_oauth2_device/config.yml

See example_config.yml

Example Configuration (SSH, Ubuntu 16.04)

vim /etc/pam.d/sshd

edit

    auth required pam_python.so pam_oauth2_device.py /etc/pam_oauth2_device/config.yml

vim /etc/ssh/sshd_config

edit

    PermitRootLogin yes
    RSAAuthentication no
    PubkeyAuthentication no
    PasswordAuthentication no
    ChallengeResponseAuthentication yes
    UsePAM yes

systemctl restart sshd

Development

Instalation (Ubuntu 16.04)

apt install pamtester

Configuration (Ubuntu 16.04)

vim /etc/pam.d/pamtester

create

    auth required pam_python.so pam_oauth2_device.py

Deploy

cp src/pam_oauth2_device.py /lib/security/

Test

pamtester -v pamtester username authenticate