{"id":604,"date":"2016-06-30T11:29:34","date_gmt":"2016-06-30T03:29:34","guid":{"rendered":"http:\/\/www.ipcpu.com\/?p=604"},"modified":"2016-06-30T11:29:34","modified_gmt":"2016-06-30T03:29:34","slug":"linux-mfa-c","status":"publish","type":"post","link":"https:\/\/c.ipcpu.com\/2016\/06\/linux-mfa-c\/","title":{"rendered":"Linux Two-Factor Authentication (Password + PIN), C Version"},"content":{"rendered":"
Linux Two-Factor Authentication (Password + PIN), C Version.md<\/p>\n
<\/p>\n
Linux C PAM SSH 2 Two Multi Factor Authentication Login two-factor multi-factor password protection TOKEN one-time password PASSPOD OTP yubikey authentication security login<\/p>\n
The simplest implementation: when logging in over SSH, a user must enter a username, a PIN and a password before the login succeeds.
\nThe PIN here is a string, for example \u201cipcpu.com\u201d or the phone number 6192*<\/em>; it is hard-coded, never changes, and is shared by all users.<\/p>\n
<pre><code>[root@control.ipcpu.com ~]# ssh ipcpu@211.81.175.101
PIN: 6192***
Password:
[ipcpu@s18.ipcpu.com ~]$
[ipcpu@s18.ipcpu.com ~]$
[ipcpu@s18.ipcpu.com ~]$id
uid=501(ipcpu) gid=501(ipcpu) groups=501(ipcpu)<\/code><\/pre>\n
Implementation code (C)<\/h2>\n
<pre><code>\/*******************************************************************************
 * file: 2ndfactor.c
 * author: www.ipcpu.com
 * description: PAM module to provide 2 factor authentication
 *******************************************************************************\/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <curl\/curl.h>
#include <security\/pam_appl.h>
#include <security\/pam_modules.h>

\/* expected hook *\/
PAM_EXTERN int pam_sm_setcred( pam_handle_t *pamh, int flags, int argc, const char **argv ) {
    return PAM_SUCCESS ;
}


\/* this function is ripped from pam_unix\/support.c, it lets us do IO via PAM *\/
int converse( pam_handle_t *pamh, int nargs, struct pam_message **message, struct pam_response **response ) {
    int retval ;
    struct pam_conv *conv ;

    retval = pam_get_item( pamh, PAM_CONV, (const void **) &conv ) ;
    if( retval==PAM_SUCCESS 