Feature #57

open

Feature #56: Implement OTPme scripts

Implement signing of OTPme scripts

Added by The 2nd about 9 years ago. Updated over 6 years ago.

Status: In progress
Priority: Normal
Assignee:
Target version:
Start date: 13 December 2015
Due date:
% Done: 80%
Estimated time: (Total: 0:00 h)

Description

It should be possible to sign OTPme scripts and allow only execution of signed scripts.


Subtasks 2 (2 open, 0 closed)

  • Feature #65: implement revoking of script signatures (Status: In progress, Assignee: The 2nd, Start date: 13 December 2015)
  • Feature #74: Implement signature tags (Status: In progress, Start date: 27 December 2016)
#1

Updated by The 2nd about 9 years ago

  • % Done changed from 10 to 70
  • Implemented signing of OTPme scripts via RSA private key
  • Verification of signatures is done before executing the script (e.g. OTPme's PAM module can verify the login script signature)
  • Signing is implemented as a bash script via openssl to be as flexible as possible
  • Implemented server side encryption/signing mode where the RSA private key never leaves the OTPme server
#2

Updated by The 2nd over 6 years ago

  • Status changed from New to In progress
#3

Updated by The 2nd over 6 years ago

  • Added otpme-tool add/del_signer command to handle host/node local allowed signers
    • Valid signers are users and roles
  • Allow adding per-user private signers
  • Added config file options FORCE_TOKEN_SIGNERS, FORCE_KEY_SCRIPT_SIGNERS and FORCE_AGENT_SCRIPT_SIGNERS to override private signers
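
The flow described in notes #1 and #3 (sign with an RSA private key via openssl, verify against the allowed signers before executing), as an added example that is not OTPme's code. The function names and the directory holding one PEM public key per allowed signer are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not OTPme code. Function names and the "one PEM public key
# per allowed signer" directory layout are assumptions made for this sketch.

# sign_script KEY SCRIPT: write a detached RSA/SHA-256 signature to SCRIPT.sig
sign_script() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# verify_script SIGNERS_DIR SCRIPT: print the name of the allowed signer whose
# public key verifies SCRIPT.sig; return 1 if no allowed key does.
verify_script() (
    [ -f "$2.sig" ] || exit 1
    for pub in "$1"/*.pem; do
        [ -f "$pub" ] || continue
        if openssl dgst -sha256 -verify "$pub" -signature "$2.sig" "$2" >/dev/null 2>&1; then
            basename "$pub" .pem
            exit 0
        fi
    done
    exit 1
)

# run_signed SIGNERS_DIR SCRIPT [ARGS...]: execute SCRIPT only after verification.
run_signed() (
    dir=$1; script=$2; shift 2
    tmp=$(mktemp -d) || exit 125
    trap 'rm -rf "$tmp"' EXIT
    # Snapshot script and signature so the bytes verified are the bytes executed.
    cp "$script" "$tmp/script" || exit 126
    cp "$script.sig" "$tmp/script.sig" 2>/dev/null || { echo "refused: unsigned" >&2; exit 126; }
    signer=$(verify_script "$dir" "$tmp/script") || { echo "refused: no allowed signer" >&2; exit 126; }
    echo "verified: signed by $signer" >&2
    sh "$tmp/script" "$@"
    exit $?
)

# make_signer DIR NAME: constructed sample key pair for trying the functions;
# the private key goes to DIR/NAME.key, the public half to DIR/allowed/NAME.pem.
make_signer() {
    mkdir -p "$1/allowed" &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/$2.key" 2>/dev/null &&
    openssl pkey -in "$1/$2.key" -pubout -out "$1/allowed/$2.pem"
}
```

Removing a signer's public key from the allowed directory is enough to make every script signed by that key refuse to run.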