Feature #57
[open] Feature #56: Implement OTPme scripts
Implement signing of OTPme scripts
Description
It should be possible to sign OTPme scripts and allow only execution of signed scripts.
Updated by The 2nd about 9 years ago
- % Done changed from 10 to 70
- Implemented signing of OTPme scripts via RSA private key
- Verification of signatures is done before executing the script (e.g. OTPme's PAM module can verify the login script signature)
- Signing is implemented as a bash script via openssl to be as flexible as possible
- Implemented server side encryption/signing mode where the RSA private key never leaves the OTPme server
Updated by The 2nd over 6 years ago
- Added otpme-tool add/del_signer command to handle host/node local allowed signers
- Valid signers are users and roles
- Allow adding per-user private signers
- Added config file options FORCE_TOKEN_SIGNERS, FORCE_KEY_SCRIPT_SIGNERS and FORCE_AGENT_SCRIPT_SIGNERS to override private signers
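
The two updates above describe signing via openssl with an RSA key and checking the signature against a list of allowed signers before execution. The sketch below is an added example of that flow, not OTPme's own script: the detached `.sig` file, the directory of PEM public keys standing in for the allowed signers, and all function names are assumptions.

```bash
#!/usr/bin/env bash
# Added illustration, not OTPme code. Assumed layout: SCRIPT.sig holds a
# detached signature, SIGNERS_DIR holds one <signer>.pem public key per signer.

# sign_script KEY SCRIPT: write an RSA/SHA-256 signature to SCRIPT.sig
sign_script() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# verified_signer SIGNERS_DIR SCRIPT: print the first allowed signer whose
# public key validates SCRIPT.sig; return 1 if no allowed signer matches.
verified_signer() {
    local dir=$1 script=$2 pub
    [ -f "$script.sig" ] || return 1
    for pub in "$dir"/*.pem; do
        [ -f "$pub" ] || continue
        if openssl dgst -sha256 -verify "$pub" -signature "$script.sig" \
               "$script" >/dev/null 2>&1; then
            basename "$pub" .pem
            return 0
        fi
    done
    return 1
}

# run_if_signed SIGNERS_DIR SCRIPT [ARGS...]
# Copies script and signature into a private directory first, so the bytes
# that are executed are exactly the bytes that were verified (no swap
# between check and use). Returns 126 when verification fails.
run_if_signed() {
    local dir=$1 script=$2 tmp rc=126
    shift 2
    tmp=$(mktemp -d) || return 126
    if cp "$script" "$tmp/script" 2>/dev/null &&
       cp "$script.sig" "$tmp/script.sig" 2>/dev/null &&
       verified_signer "$dir" "$tmp/script" >/dev/null; then
        rc=0
        sh "$tmp/script" "$@" || rc=$?
    else
        echo "refusing to run $script: no valid signature from an allowed signer" >&2
    fi
    rm -rf "$tmp"
    return "$rc"
}
```

The signers directory has to be writable only by the administrator, since anyone who can drop a key into it becomes an allowed signer.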