Project

General

Profile

Actions
Copy link

Feature #57

open

Feature #56: Implement OTPme scripts

Implement signing of OTPme scripts

Added by The 2nd over 8 years ago. Updated over 5 years ago.

Status:
In Bearbeitung
Priority:
Normal
Assignee:
The 2nd
Target version:
OTPme 0.3
Start date:
13 December 2015
Due date:
% Done:

80%

Estimated time:
(Total: 0:00 h)

Description

It should be possible to sign OTPme scripts and allow only execution of signed scripts.

Subtasks 2 (2 open0 closed)

Feature #65: implement revoking of script signaturesIn BearbeitungThe 2nd13 December 2015

Actions
Feature #74: Implement signature tagsIn Bearbeitung27 December 2016

Actions
Actions
Copy link
 #1

Updated by The 2nd over 8 years ago

  • % Done changed from 10 to 70
  • Implemented signing of OTPme scripts via RSA private key
  • Verification of signatures are done before executing the script (e.g. OTPme's PAM module can verify the login script signature)
  • Signing is implemented as a bash script via openssl to be as flexible as possible
  • Implemented server side encryption/signing mode where the RSA private key never leaves the OTPme server
Actions
Copy link
 #2

Updated by The 2nd over 5 years ago

  • Status changed from Neu to In Bearbeitung
Actions
Copy link
 #3

Updated by The 2nd over 5 years ago

  • Added otpme-tool add/del_signer command to handle host/node local allowed signers
    • Valid signers are users and roles
  • Allow to add per user private signers
  • Added config file options FORCE_TOKEN_SIGNERS, FORCE_KEY_SCRIPT_SIGNERS and FORCE_AGENT_SCRIPT_SIGNERS to override private signers
Actions
Copy link

Also available in: Atom PDF