Обсуждение: Two factor authentication role with password and USB Device for PostgreSQL server
Two factor authentication role with password and USB Device for PostgreSQL server
От
Nima Azizzadeh
Дата:
I'm going to setup 2 factor authentication for my database server. I'm using PostgreSQL 9.4 DBMS on Ubuntu 14.10. I need to force two authentication methods for my database server. The authentication can use password and USB device methods. I already installed pamusb pakages :
sudo apt-get install pamusb-tools libpam-usb
Although I can add devices on my pamusb config file :pamusb-conf --add-device MyDevice
I should define pamusb users and authentication methods. I added this lines to pamusb config between <users>
tags :<user id="postgres"> <device>MyDevice</device> </user>
I also create new pam module in \etc\pam.d directory with the name "mypam" :auth required pam_usb.so
auth include password-auth
account include password-auth
and I edited Postgresql pg_hba.conf file: local all all pam mypam
host all all 127.0.0.1/32 pam mypam
host all all ::1/128 pam mypam
but it doesn't work, can you please help me on this?
Re: Two factor authentication role with password and USB Device for PostgreSQL server
От
Craig Ringer
Дата:
On 16 August 2015 at 20:06, Nima Azizzadeh <n.azizzadeh@gmail.com> wrote: > I'm going to setup 2 factor authentication for my database server. I'm using > PostgreSQL 9.4 DBMS on Ubuntu 14.10. I need to force two authentication > methods for my database server. The authentication can use password and USB > device methods. I already installed pamusb pakages : > > sudo apt-get install pamusb-tools libpam-usb > > Although I can add devices on my pamusb config file : > > pamusb-conf --add-device MyDevice > > I should define pamusb users and authentication methods. I added this lines > to pamusb config between <users> tags : > > <user id="postgres"> <device>MyDevice</device> </user> > > I also create new pam module in \etc\pam.d directory with the name "mypam" : > > auth required pam_usb.so > auth include password-auth > account include password-auth > > and I edited Postgresql pg_hba.conf file: > > local all all pam mypam > host all all 127.0.0.1/32 pam mypam > host all all ::1/128 pam mypam > > but it doesn't work, can you please help me on this? Note that this is a follow-up on these Stack Overflow questions, which received no response at the time they were posted: http://askubuntu.com/questions/634796/two-factor-authentication-with-password-and-usb-device-for-postgresql-server http://stackoverflow.com/questions/31984222/create-a-login-role-for-postgres-using-pam-madule I haven't done much with PAM-USB and PAM integration, so I don't think I can offer much help, at least not quickly. -- Craig Ringer http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services