This is an old project that I built in 2006 and I haven't updated it since that year.
SMSauth implements a two factor authentication mechanism through a set of applications. This application tries to solve the problems of the traditional authentication mechanism.
GNU GPL version 2.
SMSauth is composed by a PAM authentication module, which generates OTPs, and a server that sends those OTPs through SMS to the user.
The PAM service supported is auth.
To install the pam_smsauth module and be able to run the SMSauth server, the following packets must be installed:
-
PAM (Pluggable Authentication Modules):
-
libpam0g – PAM library.
-
libpam0g-dev – PAM development files.
-
libsqlite3 (sqlite3) – SQLite 3 shared library.
-
-
Python:
-
simplejson - Simple, fast, extensible JSON encoder/decoder for Python.
-
python-gammu – Python module to communicate with mobile phones.
-
libgammu0 – Mobile phone management library.
-
Uncompress the file pam_smsauth.tar.bz2 and execute as root:
~# make
~# make install
This will create and install the pam_smsauth.so in /lib/security.
Then, execute as root the install.sh script. This will create the database that pam_smsauth requires and the directories that will contain the configuration files and the database.
- Configuring pam
Edit the /etc/pam.d/ssh or login file. Between "@include common-auccount" and "@include common-auth", you can add the following settings:
- For debugging and testing: debug on, relaxed to avoid setup errors, always exclude root:
auth requisite pam_smsauth.so debug relaxed except=root
- The most simple setting (using the default values):
auth required pam_smsauth.so
- The secure mode:
auth required pam_smsauth.so debug otptype=alfanum otplen=8
These are the parameters that can be passed to the module:
- debug
- otplen = digit
- otptype= [num|alfa|alfanum]
- relaxed
- expir = digit
- except = string1
- sockpath = string2
Values:
string1 = [a-z]+ {,24}
string2 = [a-zA-Z]+ {,256}
digit = [0-9]+
These are the default values for some parameters:
- otplen = 5
- otptype = num
- sockpath = /var/run/pam_smsauth_sock
- expir = 5
The expir parameter expresses the time in minutes.
Finally IP/SMS gateways must be configured for SMSauth server, editing the /etc/sms_auth/server.conf file.
- Adding a new user
You must complete the GECOS field in the following way:
[user_name;code_area;cel_number;company;]
Note: don't forget the final ";".
Example:
~# adduser pipo
Adding user `pipo'...
Adding new group `pipo' (1001).
Adding new user `pipo' (1001) with group `pipo'.
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for pipo
Enter the new value, or press ENTER for the default
Full Name []: [pipo;261;5010203;cti;]
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [y/N] y
~# cat /etc/passwd | grep pipo
pipo:x:1001:1001:[pipo;261;5010203;cti;],,,:/home/pipo:/bin/bash
-
Or edit the GECOS field of the existent user, adding the user info in the specified format.
-
For ssh add to sshd_config file the following option:
UsePAM yes