This shows you the differences between two versions of the page.
isc:labs:04 [2024/03/24 22:54] florin.stancu [07. [30p] Multi-Factor Authentication] |
isc:labs:04 [2024/03/24 23:00] (current) florin.stancu [07. [30p] Multi-Factor Authentication] |
||
---|---|---|---|
Line 182: | Line 182: | ||
Solve the remaining TODOs(7.*) in ''auth.py'' to integrate your MFA (note: the TOTP's secret key should be the same!). | Solve the remaining TODOs(7.*) in ''auth.py'' to integrate your MFA (note: the TOTP's secret key should be the same!). | ||
+ | |||
+ | <note> | ||
+ | **Hint / workaround:** PAM only gives you one ''input()'' with the user-typed password (then closes stdin, any following reads will get EOF). | ||
+ | So, in order to read both a password and a numeric TOTP code, you must read them all at once (use whatever convention you desire, e.g.: password then 6-digit code either concatenated or split by space, then parse/extract it in Python). | ||
+ | |||
+ | Custom ''.so'' PAM plugins have no such limitations (but you must then write them in a system programming language). | ||
+ | </note> | ||
<note important>If you're getting an error (e.g., invalid padding) while scanning QR / verifying the TOTP, make sure ''TOTP_SECRET'' is 32 bytes in length!</note> | <note important>If you're getting an error (e.g., invalid padding) while scanning QR / verifying the TOTP, make sure ''TOTP_SECRET'' is 32 bytes in length!</note> |
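Review bot: The convention offered in the second hint line ("password then 6-digit code either concatenated or split by space") is ambiguous when the password itself contains a space or ends in digits. The hint should fix one rule, for example: always take the final 6 characters of the single read as the TOTP code, reject the attempt unless all 6 are digits, and treat everything before them as the password. Separately, "PAM only gives you one ''input()''" reads as a limit of PAM itself, while the last hint line says custom ''.so'' plugins are not limited. Consider wording it as a limit of the script-based integration used in this lab.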