Feature #57

Feature #56: Implement OTPme scripts

Implement signing of OTPme scripts

Added by The 2nd about 3 years ago. Updated 2 months ago.

Status: In progress
Start date: 13 December 2015
Priority: Normal
Due date:
Assignee: The 2nd
% Done: 80%
Category: -
Target version: OTPme 0.3

Description

It should be possible to sign OTPme scripts and allow only execution of signed scripts.


Subtasks

Feature #65: implement revoking of script signatures - In progress - The 2nd

Feature #74: Implement signature tags - In progress

History

#1 Updated by The 2nd almost 3 years ago

  • % Done changed from 10 to 70
  • Implemented signing of OTPme scripts via RSA private key
  • Verification of signatures is done before executing the script (e.g. OTPme's PAM module can verify the login script signature)
  • Signing is implemented as a bash script via openssl to be as flexible as possible
  • Implemented server side encryption/signing mode where the RSA private key never leaves the OTPme server
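
The sign-then-verify-before-execute flow described in update #1, as an added example that is not OTPme's own code. The function names, file names and the SHA-256 digest are assumptions.

```shell
#!/bin/sh
# Added example, not OTPme code. Names and the SHA-256 digest are assumptions.

# sign_script PRIVKEY SCRIPT: write a detached RSA signature to SCRIPT.sig
sign_script() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# run_if_signed PUBKEY SCRIPT [ARGS...]: run SCRIPT only if SCRIPT.sig verifies.
# Verification and execution use the same private copy, so the file cannot
# be swapped between the check and the run.
run_if_signed() {
    pub=$1; script=$2; shift 2
    copy=$(mktemp) || return 1
    if cp "$script" "$copy" &&
       openssl dgst -sha256 -verify "$pub" -signature "$script.sig" \
           "$copy" >/dev/null 2>&1
    then
        rc=0; sh "$copy" "$@" || rc=$?
    else
        echo "refusing to run $script: signature check failed" >&2
        rc=126
    fi
    rm -f "$copy"
    return "$rc"
}

# Constructed demo: throwaway key pair and a sample login script.
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/signer.key" 2048 2>/dev/null
    openssl rsa -in "$dir/signer.key" -pubout -out "$dir/signer.pub" 2>/dev/null
    printf 'echo "login script ran"\n' > "$dir/login.sh"
    sign_script "$dir/signer.key" "$dir/login.sh"
    run_if_signed "$dir/signer.pub" "$dir/login.sh"; ok=$?
    echo 'echo "tampered"' >> "$dir/login.sh"   # modify after signing
    run_if_signed "$dir/signer.pub" "$dir/login.sh"; refused=$?
    rm -rf "$dir"
    [ "$ok" -eq 0 ] && [ "$refused" -eq 126 ]
}

demo && echo "signed script ran, modified script was refused"
```

The check is only as strong as the trust placed in the public key file, so the verifier must take it from a location the script author cannot write to.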

#2 Updated by The 2nd 2 months ago

  • Status changed from New to In progress

#3 Updated by The 2nd 2 months ago

  • Added otpme-tool add/del_signer command to handle host/node local allowed signers
    • Valid signers are users and roles
  • Allow adding per-user private signers
  • Added config file options FORCE_TOKEN_SIGNERS, FORCE_KEY_SCRIPT_SIGNERS and FORCE_AGENT_SCRIPT_SIGNERS to override private signers
