| commit | 092da2fee6ea4daeb5b8d3ad7b9e0b341e902504 | [log] [tgz] |
|---|---|---|
| author | Greg Stein <gstein@gmail.com> | Fri Dec 06 15:26:07 2019 -0600 |
| committer | GitHub <noreply@github.com> | Fri Dec 06 15:26:07 2019 -0600 |
| tree | a7cba9611fbf6e952263b66e199bc446489da5d8 | |
| parent | 6d60745270be63bc2ae28f7a0530c90f6484232e [diff] |
tweak wording
Command-line OTP calculator, with automatic password creation/storage.
The Apache Software Foundation (ASF) uses the Orthrus PAM module on its machines/VMs. Orthrus implements RFC 2289 to offer One Time Password (OTP) challenges, in order to sudo. That package emits MD5-based challenges (otp-md5), so this script only constructs MD5-based responses.
[remote]$ sudo bash otp-md5 440 someseed ext Password: [local]$ ./otp.py Challenge? otp-md5 440 someseed ext Response: MEAT SAD JERK STUN ARGO ITS NOTE: copied to clipboard
Note that you must copy/paste the challenge string from the remote host to the prompt on the local host. The response can then be pasted into the remote host's Password: prompt.
If the local host has the xclip program, then the reponse will be automatically copied to the clipboard. If that is not present, or does not exit with success, then the response string can be manually copied, then pasted to the remote.
$ ./otp.py --test
This will run a few internal tests. Any problems will raise an AssertionError
If new seed is seen (ie. by running ortpasswd), then otp.py will construct a new password and store the seed and password into $HOME/.otp. The password will be used the next time the seed is seen.
xclip fails, try using pbcopy to support macOSkeyring python package to support keyrings instead of a plaintext fileLicensed under the Apache License, v2.0