[haiku-bugs] Re: [Haiku] #11828: Look into using one-time-passwords as secondary authentication method for baron
- From: "jprostko" <trac@xxxxxxxxxxxx>
- Date: Mon, 02 Mar 2015 14:24:39 -0000
#11828: Look into using one-time-passwords as secondary authentication method
for
baron
-------------------------+----------------------------
Reporter: zooey | Owner: haiku-sysadmin
Type: task | Status: new
Priority: normal | Milestone:
Component: Sys-Admin | Version:
Resolution: | Keywords:
Blocked By: | Blocking:
Has a Patch: 0 | Platform: All
-------------------------+----------------------------
Comment (by jprostko):
I can confirm that Centinel's solution works. Currently on the test
deployment (at least for my account), I need a OTP to get on the server
and then an OTP to use sudo. Keep in mind that if you log in and then
immediately go to use sudo, you have to wait for the next OTP in the
rotation. This makes sense though, since they are one-time passwords and
all.
Do we need `su -l` to require a OTP as well? I would think we'd hit the
same problem that Centinel hit when he made the change to having sudo use
the user's password and not the root password for the server. I kind of
think having OTP for sudo is sufficient.
In any case, Oliver, how would you like to proceed? Should only sudo
utilize OTP, or would you like the server login to require it as well.
Maybe it depends on the server?
--
Ticket URL: <https://dev.haiku-os.org/ticket/11828#comment:22>
Haiku <https://dev.haiku-os.org>
Haiku - the operating system.
Other related posts:
