[haiku-bugs] Re: [Haiku] #11828: Look into using one-time-passwords as secondary authentication method for baron
- From: "zooey" <trac@xxxxxxxxxxxx>
- Date: Tue, 10 Feb 2015 20:57:38 -0000
#11828: Look into using one-time-passwords as secondary authentication method
for
baron
-------------------------+----------------------------
Reporter: zooey | Owner: haiku-sysadmin
Type: task | Status: new
Priority: normal | Milestone:
Component: Sys-Admin | Version:
Resolution: | Keywords:
Blocked By: | Blocking:
Has a Patch: 0 | Platform: All
-------------------------+----------------------------
Comment (by zooey):
Replying to [comment:11 Centinel]:
> I successfully set up TOTP two-factor authentication via oath on
jprostko's test server. In my setup, members of the 'otpusers' group are
required to present an OTP when logging in via SSH. In the interest of
avoid proprietary software (Google Authenticator), I succcessfully used
mOTP and FreeOTP to generate OTPs.
Great, good work! I personally wouldn't want to use stuff like Google
Authenticator either (I use FreeOTP), but I suppose each admin may will
whatever they can live with.
> I'll wait for him to double-check my work, but if it checks out,
hopefully we can move forward with testing.
>
> It's worth noting that two-factor authentication only seems to work with
password-based SSH logins; if you are using SSH keys, it will ignore two-
factor authentication and log you in directly.
Ouch - we should try to overcome that, as we are using key-based
authentication exclusively. Do you think this is a general (i.e.
unavoidable) problem or is rather that you have observed that behaviour
and there may be ways to fix that?
--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:13>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
Other related posts:
