[haiku-bugs] Re: [Haiku] #11828: Look into using one-time-passwords as secondary authentication method for baron

  • From: "jprostko" <trac@xxxxxxxxxxxx>
  • Date: Thu, 12 Feb 2015 20:42:02 -0000

#11828: Look into using one-time-passwords as secondary authentication method for baron
-------------------------+----------------------------
   Reporter:  zooey      |      Owner:  haiku-sysadmin
       Type:  task       |     Status:  new
   Priority:  normal     |  Milestone:
  Component:  Sys-Admin  |    Version:
 Resolution:             |   Keywords:
 Blocked By:             |   Blocking:
Has a Patch:  0          |   Platform:  All
-------------------------+----------------------------

Comment (by jprostko):

 Replying to [comment:18 zooey]:
 > Centinel, jprostko: I'm impressed :-)
 Thanks!  I'll admit that Centinel has done most of the work so far,
 although I have been doing testing when I can.
 > Once you've ironed out that last subtle detail, I think we can copy your
 > OTP implementation onto one of the VMs running on baron (either vmdev or
 > vmweb).
 Isn't the plan to update them to openSUSE 13.2 first due to the "PAM lag"
 issue present in 13.1?
 > While thinking about the VMs, an "interesting" aspect crossed my mind:
 > vmrepo hosts the git repositories, so a lot of people log in via ssh in
 > order to push any changesets upstream. The interesting part is that this
 > includes admins, too. We can't ask each of these users for an OTP every
 > time they push a changeset, so maybe we should limit the OTP requirement
 > to the invocation of sudo? What do you think? Would it maybe even make
 > sense to implement that scheme generally, i.e. only ever require OTP for
 > sudo?
 This is an interesting problem.  Centinel will probably have a better
 answer, but I think it should be a matter of adding the pam_oath.so line
 to the /etc/pam.d/sudo file.  It is kind of interesting to only require
 OTP for running sudo, although that could potentially get annoying if the
 sudo timeout (timestamp_timeout) isn't set relatively high.  I guess it
 depends on a given admin's workflow though.

--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:19>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
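
A check an admin could run after adding the pam_oath.so line to /etc/pam.d/sudo as suggested in the comment above (added example, not part of the ticket or of Haiku's configuration): it reports whether the OTP line is actually enforced or whether an earlier `sufficient` module can end the auth stack before it is reached. The function name, the result labels, and the `usersfile`/`window` values in the sample are assumptions; `include` lines are not followed and yield `review`.

```shell
#!/bin/sh
# Added example: classify how pam_oath.so sits in a PAM auth stack.
# Reads the file(s) given as arguments, or stdin when none are given.
# Result labels (this example's own): enforced, bypassable, review,
# not-enforced, missing.
check_sudo_otp() {
    awk '
        { sub(/#.*/, "") }                    # drop comments
        NF < 3 { next }                       # blank or incomplete line
        { type = $1; sub(/^-/, "", type)      # "-auth" is still an auth line
          if (type != "auth") next }
        $0 ~ /pam_oath\.so/ {                 # first OTP line decides
            seen = 1
            if ($2 == "required" || $2 == "requisite") hard = 1
            if ($2 ~ /^\[/) odd = 1           # [value=action] control
            exit                              # END still runs
        }
        $2 == "sufficient" { bypass = 1 }     # success here ends the stack early
        $2 == "include" || $2 == "substack" || $2 ~ /^\[/ { unsure = 1 }
        END {
            if (!seen)              print "missing"
            else if (!hard && !odd) print "not-enforced"
            else if (bypass)        print "bypassable"
            else if (unsure || odd) print "review"
            else                    print "enforced"
        }
    ' "$@"
}

# Constructed sample stack, not baron's real configuration.
check_sudo_otp <<'EOF'
#%PAM-1.0
auth  required  pam_oath.so usersfile=/etc/users.oath window=20
auth  include   common-auth
EOF
```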
