Bug#564820: ITP: libpam-barada -- PAM module to provide

2010-02-15 Thread micah anderson
On Sun, 14 Feb 2010 23:26:47 -0500, micah anderson mi...@riseup.net wrote:
 On Sun, 14 Feb 2010 15:38:28 -0800, Andrew Pollock apoll...@debian.org 
 wrote:
  On Sat, Feb 13, 2010 at 06:22:19PM -0500, micah wrote:
   
   Hey Andrew, any progress on this?
  
  It's all ready to go, I'm just waiting for upstream to make a release that
  addresses
  
  E: libpam-barada: possible-gpl-code-linked-with-openssl
  
  and then it'll be good to go.
 
 Excellent! Are you interested in some testing? I'd be interested to give
 it a try myself, as this is how I stumbled on the ITP, because I was
 wanting it.
 
 I wonder if barada could be linked against gnutls instead?

Looking at it a little closer I actually don't see why barada should
link to openssl at all, it doesn't do any transport-layer security and
is just using the crypto primitives from openssl: openssl/rand.h and
openssl/hmac.h -- pretty straightforward crypto primitives that are
provided by gcrypt. Although it is not the same API (and the header
files aren't named the same), they are conceptually equivalent, so I
think that the right thing to do in this case would be to use gcrypt
instead of openssl...

Switching to that shouldn't be that hard actually, I think even easier
than working out the boring licensing issues.

micah





Bug#564820: ITP: libpam-barada -- PAM module to provide

2010-02-15 Thread Andrew Pollock
On Mon, Feb 15, 2010 at 07:10:12PM -0500, micah anderson wrote:
 
 Switching to that shouldn't be that hard actually, I think even easier
 than working out the boring licensing issues.

Either way, I'm dependent on upstream doing *something*.

regards

Andrew




Bug#564820: ITP: libpam-barada -- PAM module to provide

2010-02-14 Thread Andrew Pollock
On Sat, Feb 13, 2010 at 06:22:19PM -0500, micah wrote:
 
 Hey Andrew, any progress on this?

It's all ready to go, I'm just waiting for upstream to make a release that
addresses

E: libpam-barada: possible-gpl-code-linked-with-openssl

and then it'll be good to go.




Bug#564820: ITP: libpam-barada -- PAM module to provide

2010-02-14 Thread micah anderson
On Sun, 14 Feb 2010 15:38:28 -0800, Andrew Pollock apoll...@debian.org wrote:
 On Sat, Feb 13, 2010 at 06:22:19PM -0500, micah wrote:
  
  Hey Andrew, any progress on this?
 
 It's all ready to go, I'm just waiting for upstream to make a release that
 addresses
 
   E: libpam-barada: possible-gpl-code-linked-with-openssl
 
 and then it'll be good to go.

Excellent! Are you interested in some testing? I'd be interested to give
it a try myself, as this is how I stumbled on the ITP, because I was
wanting it.

I wonder if barada could be linked against gnutls instead?

micah




Bug#564820: ITP: libpam-barada -- PAM module to provide

2010-02-13 Thread micah

Hey Andrew, any progress on this?

  it was written specifically with Android devices in mind.
 There are many HOTP clients out there[1]. Is it really android specific
 in any way?  I suggest dropping that sentence.

The piece that would be put in Debian is not Android specific, but there
is a companion application that goes along with barada that is for
Android.

Also, you say that there are many HOTP clients out there, but I have not
found any easy ones such as this one for Debian. Also, the URL you cite
is a 404:

 [1] http://rcdevs.com/products/openotp/tokens.php


 There is companion software which runs on Android, so that your
^^ ${your phone}

Is that true? Maybe this libpam-barada works for other HOTP clients,
with different client software on other phones, but this is the text
from the upstream and unless someone is able to determine that it works
on non-android phones, it seems a little too soon to generalize it.

 I suppose this new RFC is more secure than plain old OTP/OPIE (?). In
 any case, the package could include those 2 keywords for `aptitude
 search`

I think the existence of OTP in HOTP will cause aptitude to find
it. OPIE is just another OTP implementation, just like HOTP is, so I'm
not sure if it needs to be listed, but I wouldn't care if someone did.

micah




Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP

2010-01-12 Thread Frank Lin PIAT
On Mon, 2010-01-11 at 18:22 -0800, Andrew Pollock wrote:
 
 * Package name: libpam-barada
   Description : PAM module to provide two-factor authentication based on 
 HOTP
 
  Use HOTP (RFC4226) two-factor authentication with PAM.
[..]
  While this module could be used in conjunction with many different
  client devices,

  it was written specifically with Android devices in mind.

There are many HOTP clients out there[1]. Is it really android specific
in any way?
I suggest dropping that sentence.

 There is companion software which runs on Android, so that your
^^ ${your phone}
  phone essentially becomes a SecureID token.  All you need to do is
  open up the software, type in your PIN, and you get back a 6-character
  number that you can use to login to your system.

[1] http://rcdevs.com/products/openotp/tokens.php


I suppose this new RFC is more secure than plain old OTP/OPIE (?). In
any case, the package could include those 2 keywords for `aptitude
search`


Franklin




-- 
To UNSUBSCRIBE, email to debian-wnpp-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP

2010-01-12 Thread Peter Samuelson

[Andrew Pollock]
 * Package name: libpam-barada
   Description : PAM module to provide two-factor authentication based on 
 HOTP

I would suggest that the PAM architecture is better suited to providing
only _one_ factor of authentication per plugin.  Does this module
really implement two factors?  If not, you probably shouldn't claim
that it does.






Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP

2010-01-11 Thread Andrew Pollock
Package: wnpp
Severity: wishlist
Owner: Andrew Pollock apoll...@debian.org

* Package name: libpam-barada
  Version : 0.4
  Upstream Author : Moxie Marlinspike mo...@thoughtcrime.org
* URL : http://barada.sourceforge.net/
* License : GPL
  Programming Lang: C++
  Description : PAM module to provide two-factor authentication based on 
HOTP

 Use HOTP (RFC4226) two-factor authentication with PAM.
 .
 In addition to a normal password, users are also assigned a 128 bit key and
 arbitrary-length PIN number. Every time you'd like to login using an OTP, you
 calculate a secure hash based on your assigned PIN and an increasing counter,
 the result of which is a six character one time password.
 .
 While this module could be used in conjunction with many different
 client devices, it was written specifically with Android devices in
 mind.  There is companion software which runs on Android, so that your
 phone essentially becomes a SecureID token.  All you need to do is
 open up the software, type in your PIN, and you get back a 6-character
 number that you can use to login to your system.


-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)






Bug#564820: ITP: libpam-barada -- PAM module to provide two-factor authentication based on HOTP

2010-01-11 Thread Eric Dorland
Hey Andrew,

I had filed #520199 to package this ages ago but never got around to
it. Please merge that bug and take this ITP with my blessing :)

* Andrew Pollock (apoll...@debian.org) wrote:
 Package: wnpp
 Severity: wishlist
 Owner: Andrew Pollock apoll...@debian.org
 
 * Package name: libpam-barada
   Version : 0.4
   Upstream Author : Moxie Marlinspike mo...@thoughtcrime.org
 * URL : http://barada.sourceforge.net/
 * License : GPL
   Programming Lang: C++
   Description : PAM module to provide two-factor authentication based on 
 HOTP
 
  Use HOTP (RFC4226) two-factor authentication with PAM.
  .
  In addition to a normal password, users are also assigned a 128 bit key and
  arbitrary-length PIN number. Every time you'd like to login using an OTP, you
  calculate a secure hash based on your assigned PIN and an increasing counter,
  the result of which is a six character one time password.
  .
  While this module could be used in conjunction with many different
  client devices, it was written specifically with Android devices in
  mind.  There is companion software which runs on Android, so that your
  phone essentially becomes a SecureID token.  All you need to do is
  open up the software, type in your PIN, and you get back a 6-character
  number that you can use to login to your system.
 
 
 -- System Information:
 Debian Release: 5.0.3
   APT prefers stable
   APT policy: (500, 'stable')
 Architecture: i386 (i686)
 
 
 

-- 
Eric Dorland e...@kuroneko.ca
ICQ: #61138586, Jabber: ho...@jabber.com


