{"version":"1.0","provider_name":"Jui-Nan Lin&#039;s Blog","provider_url":"https:\/\/jnlin.org","author_name":"jnlin","author_url":"https:\/\/jnlin.org\/author\/jnlin\/","title":"security\/pam_google_authenticator: Two Factor Authentication PAM Module","html":"<p><a href=\"http:\/\/www.freshports.org\/security\/pam_google_authenticator\">security\/pam_google_authenticator<\/a> \u662f Google \u63a8\u51fa\u7684 Open Source PAM Module\uff0c\u63d0\u4f9b <a href=\"http:\/\/tools.ietf.org\/html\/rfc4226\">RFC 4226<\/a> (HOTP: An HMAC-Based One-Time Password Algorithm) \u7684 OTP \u529f\u80fd\u3002<\/p>  <p>\u53ea\u8981\u4f7f\u7528 Android \u624b\u6a5f\uff08\u672a\u4f86\u6703\u652f\u63f4iOS\u88dd\u7f6e\uff09\uff0c\u5b89\u88dd Google&#160; \u63d0\u4f9b\u7684 App\uff0c\u958b\u555f\u4e26\u8a2d\u5b9a pam_google_authenticator\uff0c\u4e4b\u5f8c\u7684 ssh \u9023\u7dda\u5c31\u53ef\u4ee5\u4f7f\u7528 OTP \u767b\u5165\u3002<\/p>  <p>Linux \u4e0a\u7684\u5b89\u88dd\u65b9\u6cd5\u53ef\u4ee5\u770b <a href=\"http:\/\/twitter.com\/gasol\">@gasol<\/a> \u5beb\u7684<a href=\"http:\/\/blog.gasol.tw\/2011\/05\/google-authenticator.html\">\u66ff\u4e3b\u6a5f\u4e0a\u7b2c\u4e8c\u9053\u9396 - Google Authenticator<\/a>\uff0c\u9019\u88e1\u4ecb\u7d39\u7684\u662f FreeBSD \u4e0a\u7684\u5b89\u88dd\u65b9\u6cd5\uff1a<\/p>  <ol>   <li>\u5148\u5b89\u88dd security\/pam_google_authenticator <\/li>    <li>\u57f7\u884c google-authenticator \uff0c\u8a2d\u5b9a secret key\u3002\u87a2\u5e55\u4e0a\u6703\u51fa\u73fe\u4e00\u500b <a href=\"http:\/\/en.wikipedia.org\/wiki\/QR_code\">QR Code<\/a>\uff0c\u7528\u624b\u6a5f App \u6383\u63cf\u4e4b\u5f8c\u5c31\u6703\u628a secret key \u5b58\u5230\u624b\u6a5f\u5167\u3002\u63a5\u8457\u6309\u7167\u87a2\u5e55\u4e0a\u6307\u793a\u628a secret key \u5b58\u5230 ~\/.google_authenticator \u88e1\u3002\u8a18\u5f97\u8981 chmod 600\u3002 <\/li>    <li>\u8a2d\u5b9a \/etc\/pam.d\/sshd\uff0c\u5728 auth pam_unix \u4e0b\u9762\u589e\u52a0\u4e00\u884c\uff1a <\/li> <\/ol>  <blockquote>   <p>auth required \/usr\/local\/lib\/pam_google_authenticator.s<font color=\"#444444\">o<\/font><\/p> <\/blockquote>  <p>\u9019\u6a23\u5c31\u751f\u6548\u4e86\u3002\u8981\u6ce8\u610f\u7684\u662f\uff0c\u9019\u4e0d\u6703\u5f71\u97ff\u4f7f\u7528 Public\/Private Key Pair \u767b\u5165\u7684\u4f7f\u7528\u8005\u3002\u53e6\u5916\uff0cPAM\u8a2d\u5b9a\u5b8c\u6210\u4e4b\u5f8c\uff0c\u5982\u679c\u6c92\u6709\u8a2d\u5b9a secret key \u7684\u4f7f\u7528\u8005\uff0c\u5c31\u4e0d\u80fd\u7528\u5e33\u865f\u5bc6\u78bc\u767b\u5165\u4e86\u3002<\/p>  <p>\u6e2c\u8a66\u524d\u8a18\u5f97\u8acb\u7559\u4e0b\u4e00\u500b\u9023\u7dda\u7684 terminal\uff0c\u907f\u514d\u8a2d\u932f\u5c0e\u81f4\u4eba\u5f97\u8dd1\u5230 console \u524d\u53bb\u8655\u7406\u3002<\/p>","type":"rich"}