Обсуждение: Two factor authentication role with password and USB Device for PostgreSQL server

Поиск
Список
Период
Сортировка

Two factor authentication role with password and USB Device for PostgreSQL server

От
Nima Azizzadeh
Дата:
I'm going to setup 2 factor authentication for my database server. I'm using PostgreSQL 9.4 DBMS on Ubuntu 14.10. I need to force two authentication methods for my database server. The authentication can use password and USB device methods. I already installed pamusb pakages :
sudo apt-get install pamusb-tools libpam-usb

Although I can add devices on my pamusb config file :pamusb-conf --add-device MyDevice

I should define pamusb users and authentication methods. I added this lines to pamusb config between <users> tags :<user id="postgres"> <device>MyDevice</device> </user>

I also create new pam module in \etc\pam.d directory with the name "mypam" :auth required pam_usb.so
auth include password-auth
account include password-auth

and I edited Postgresql pg_hba.conf file: local all all pam mypam
host all all 127.0.0.1/32 pam mypam
host all all ::1/128 pam mypam

but it doesn't work, can you please help me on this?

Re: Two factor authentication role with password and USB Device for PostgreSQL server

От
Craig Ringer
Дата:
On 16 August 2015 at 20:06, Nima Azizzadeh <n.azizzadeh@gmail.com> wrote:
> I'm going to setup 2 factor authentication for my database server. I'm using
> PostgreSQL 9.4 DBMS on Ubuntu 14.10. I need to force two authentication
> methods for my database server. The authentication can use password and USB
> device methods. I already installed pamusb pakages :
>
> sudo apt-get install pamusb-tools libpam-usb
>
> Although I can add devices on my pamusb config file :
>
> pamusb-conf --add-device MyDevice
>
> I should define pamusb users and authentication methods. I added this lines
> to pamusb config between <users> tags :
>
> <user id="postgres"> <device>MyDevice</device> </user>
>
> I also create new pam module in \etc\pam.d directory with the name "mypam" :
>
> auth required pam_usb.so
> auth include password-auth
> account include password-auth
>
> and I edited Postgresql pg_hba.conf file:
>
> local all all pam mypam
> host all all 127.0.0.1/32 pam mypam
> host all all ::1/128 pam mypam
>
> but it doesn't work, can you please help me on this?


Note that this is a follow-up on these Stack Overflow questions, which
received no response at the time they were posted:

http://askubuntu.com/questions/634796/two-factor-authentication-with-password-and-usb-device-for-postgresql-server

http://stackoverflow.com/questions/31984222/create-a-login-role-for-postgres-using-pam-madule

I haven't done much with PAM-USB and PAM integration, so I don't think
I can offer much help, at least not quickly.

--
 Craig Ringer                   http://www.2ndQuadrant.com/
 PostgreSQL Development, 24x7 Support, Training & Services