Bug#564820: ITP: libpam-barada -- PAM module to provide
Hey Andrew, any progress on this? >> it was written specifically with Android devices in mind. > There are many HOTP client out there[1]. Is it really android specific > in any way? I suggest dropping that sentence. The piece that would be put in Debian is not Android specific, but there is a companion application that goes along with barada that is for Android. Also, you say that there are many HOTP clients out there, but I have not found any easy ones such as this one for Debian. Also your URL you cite is a 404: > [1] http://rcdevs.com/products/openotp/tokens.php > There is companion software which runs on Android, so that your ^^ ${your phone} Is that true? Maybe this libpam-barada works for other HOTP clients, with different client software on other phones, but this is the text From the upstream and unless someone is able to determine that it works on non-android phones, it seems a little too soon to generalize it. > I suppose this new RFC is more secure than plain old OTP/OPIE (?). In > any case, the package could include those 2 keyword for `aptitude > search` I think the existence of OTP in HTOP will cause aptitude to find it. OPIE is just another OTP implementation, just like HOTP is, so I'm not sure if it needs to be listed, but I wouldn't care if someone did. micah pgphbmZA7R3p7.pgp Description: PGP signature
Bug#564820: ITP: libpam-barada -- PAM module to provide
On Sat, Feb 13, 2010 at 06:22:19PM -0500, micah wrote: > > Hey Andrew, any progress on this? It's all ready to go, I'm just waiting for upstream to make a release that addresses E: libpam-barada: possible-gpl-code-linked-with-openssl and then it'll be good to go. signature.asc Description: Digital signature
Bug#564820: ITP: libpam-barada -- PAM module to provide
On Sun, 14 Feb 2010 15:38:28 -0800, Andrew Pollock wrote: > On Sat, Feb 13, 2010 at 06:22:19PM -0500, micah wrote: > > > > Hey Andrew, any progress on this? > > It's all ready to go, I'm just waiting for upstream to make a release that > addresses > > E: libpam-barada: possible-gpl-code-linked-with-openssl > > and then it'll be good to go. Excellent! Are you interested in some testing? I'd be interested to give it a try myself, as this is how I stumbled on the ITP, because I was wanting it. I wonder if barada could be linked against gnutls instead? micah pgpSqApxE78so.pgp Description: PGP signature
Bug#564820: ITP: libpam-barada -- PAM module to provide
On Sun, 14 Feb 2010 23:26:47 -0500, micah anderson wrote: > On Sun, 14 Feb 2010 15:38:28 -0800, Andrew Pollock > wrote: > > On Sat, Feb 13, 2010 at 06:22:19PM -0500, micah wrote: > > > > > > Hey Andrew, any progress on this? > > > > It's all ready to go, I'm just waiting for upstream to make a release that > > addresses > > > > E: libpam-barada: possible-gpl-code-linked-with-openssl > > > > and then it'll be good to go. > > Excellent! Are you interested in some testing? I'd be interested to give > it a try myself, as this is how I stumbled on the ITP, because I was > wanting it. > > I wonder if barada could be linked against gnutls instead? Looking at it a little closer I actually don't see why barada should link to openssl at all, it doesn't do any transport-layer security and is just using the crypto primitives from openssl: openssl/rand.h and openssl/hmac.h -- pretty straightforward crypto primitives that are provided by gcrypt. Although it is not the same API (and the header files aren't named the same), they are conceptually equivalent, so I think that the right thing to do in this case would be to use gcrypt instead of openssl... Switching to that shouldn't be that hard actually, I think even easier than working out the boring licensing issues. micah pgpBLTxPlnSiF.pgp Description: PGP signature
Bug#564820: ITP: libpam-barada -- PAM module to provide
On Mon, Feb 15, 2010 at 07:10:12PM -0500, micah anderson wrote: > > Switching to that shouldn't be that hard actually, I think even easier > than working out the boring licensing issues. Either way, I'm dependent on upstream doing *something*. regards Andrew signature.asc Description: Digital signature
Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP
Package: wnpp Severity: wishlist Owner: Andrew Pollock * Package name: libpam-barada Version : 0.4 Upstream Author : Moxie Marlinspike * URL : http://barada.sourceforge.net/ * License : GPL Programming Lang: C++ Description : PAM module to provide two-factor authentication based on HOTP Use HOTP (RFC4226) two-factor authentication with PAM. . In addition to a normal password, users are also assigned a 128 bit key and arbitrary-length PIN number. Every time you'd like to login using a OTP, you calculate a secure hash based on your assigned PIN and an increasing counter, the result of which is a six character one time password. . While this module could be used in conjunction with many different client devices, it was written specifically with Android devices in mind. There is companion software which runs on Android, so that your phone essentially becomes a SecureID token. All you need to do is open up the software, type in your PIN, and you get back a 6-character number that you can use to login to your system. -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP
Hey Andrew, I had filed #520199 to package this ages ago but never got around to it. Please merge that bug and take this ITP with my blessing :) * Andrew Pollock (apoll...@debian.org) wrote: > Package: wnpp > Severity: wishlist > Owner: Andrew Pollock > > * Package name: libpam-barada > Version : 0.4 > Upstream Author : Moxie Marlinspike > * URL : http://barada.sourceforge.net/ > * License : GPL > Programming Lang: C++ > Description : PAM module to provide two-factor authentication based on > HOTP > > Use HOTP (RFC4226) two-factor authentication with PAM. > . > In addition to a normal password, users are also assigned a 128 bit key and > arbitrary-length PIN number. Every time you'd like to login using a OTP, you > calculate a secure hash based on your assigned PIN and an increasing counter, > the result of which is a six character one time password. > . > While this module could be used in conjunction with many different > client devices, it was written specifically with Android devices in > mind. There is companion software which runs on Android, so that your > phone essentially becomes a SecureID token. All you need to do is > open up the software, type in your PIN, and you get back a 6-character > number that you can use to login to your system. > > > -- System Information: > Debian Release: 5.0.3 > APT prefers stable > APT policy: (500, 'stable') > Architecture: i386 (i686) > > > -- Eric Dorland ICQ: #61138586, Jabber: ho...@jabber.com signature.asc Description: Digital signature
Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP
On Mon, 2010-01-11 at 18:22 -0800, Andrew Pollock wrote: > > * Package name: libpam-barada > Description : PAM module to provide two-factor authentication based on > HOTP > > Use HOTP (RFC4226) two-factor authentication with PAM. [..] > While this module could be used in conjunction with many different > client devices, > it was written specifically with Android devices in mind. There are many HOTP client out there[1]. Is it really android specific in any way? I suggest dropping that sentence. > There is companion software which runs on Android, so that your ^^ ${your phone} > phone essentially becomes a SecureID token. All you need to do is > open up the software, type in your PIN, and you get back a 6-character > number that you can use to login to your system. [1] http:// rcdevs.com/products/openotp/tokens.php I suppose this new RFC is more secure than plain old OTP/OPIE (?). In any case, the package could include those 2 keyword for `aptitude search` Franklin -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP
[Andrew Pollock] > * Package name: libpam-barada > Description : PAM module to provide two-factor authentication based on > HOTP I would suggest that the PAM architecture is better suited to providing only _one_ factor of authentication per plugin. Does this module really implement two factors? If not, you probably shouldn't claim that it does. -- To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org