Define two factor authentication for Postgresql Server

Поиск
Список
Период
Сортировка
От Nima Azizzadeh
Тема Define two factor authentication for Postgresql Server
Дата
Msg-id CAGVXacZeR0mky_txLs0cyP=BLRJN1vsTuQt5wj0aBM0eRhjMNA@mail.gmail.com
обсуждение исходный текст
Ответы Re: Define two factor authentication for Postgresql Server
Список pgsql-admin
Дерево обсуждения
Hello,
I'm going to create two factor authentication for pgadmin server...
I'm using postgresql 9.4 with pgadmin III on Linux Mint 17.2 32bit...
I already have 1 password authentication but For better security, I just want to force 2 of them. The authentication factors could be any things(what user has,what user knows,where user is or what user is).
for example:
The first factor is "password(what user knows)" and the second is "USB device(what user has)". I need to force Postgresql to check both for authenticate user and connect him to the server. I send you a screenshot from pgAdmin server authenticate screen and I'm going to implement 2 factor authentication for this. I not talking about OS authentication. All authenticate operation should operate from Postgresql.

I already try this for login into pgAdmin through password and USB:
I installed pamusb pakages :
sudo apt-get install pamusb-tools libpam-usb

Although I can add devices on my pamusb config file :pamusb-conf --add-device MyDevice

and I can define pamusb users. I added this lines to pamusb config between <users> tags :<user id="postgres"> <device>MyDevice</device> </user>

My guess : I think I should write module in /etc/pam.d and edit pg_hba.conf file to define login method for local users :
local     all    all          pam     pamservice=mypam
but I don't know how to write module to force both authentication methods for this(both are required).

Any help would be appreciated...
Вложения

В списке pgsql-admin по дате отправления:

Предыдущее
От: Adrian Klaver
Дата:
Сообщение: Re: [GENERAL] $libdir/mysql_fdw
Следующее
От: "Gunnar \"Nick\" Bluth"
Дата:
Сообщение: Re: Define two factor authentication for Postgresql Server