NAME¶

pam_barada - PAM module to allow HOTP authentication

SYNOPSIS¶

pam_barada.so

DESCRIPTION¶

This PAM module is designed to provide two-factor authentication support, based on an algorithm outlined in RFC 4226 known as HOTP.

And that's why this exists. It's an implementation of the HOTP protocol in the form of a PAM module. Basically, in addition to a normal password, users are also assigned a 128 bit key and arbitrary-length PIN number. Every time you'd like to login using a OTP, you calculate a secure hash based on your assigned PIN and an increasing counter, the result of which is a six character one time password.

While this module could be used in conjunction with many different client devices, it was written specifically with Android devices in mind. There is companion software which runs on Android, so that your phone essentially becomes a SecureID token. All you need to do is open up the software, type in your PIN, and you get back a 6-character number that you can use to login to your system.

MODULE TYPES PROVIDED¶

Only the auth type is provided.

EXAMPLES¶

Add the following line to /etc/pam.d/login to HOTP style login:

auth sufficient pam_barada.so

SEE ALSO¶

barada-add(8), pam.conf(5)

RFC 4226 - HOTP: An HMAC-Based One-Time Password Algorithm

http://www.rfc-editor.org/rfc/rfc4226.txt