X-Git-Url: http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=blobdiff_plain;f=README.md;h=d7b91ac118ca5b07fcf2d410cf99a8fe0d8d1c0b;hp=c800130e239bc447effc0523fd6deb39bcc7c132;hb=f6b4fd086473f179295386fb47fd422f47015d16;hpb=11554cec81eebf7b4730323bf92e00643dd03d41 diff --git a/README.md b/README.md index c800130..d7b91ac 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ freely, subject to the following restrictions: ------------------------------------------------------------------------ -# Challenge-Response PAM Module for HMAC-SHA1 Hardware Token(s) +## Challenge-Response PAM Module for HMAC-SHA1 Hardware Token(s) This package provides a UNIX [PAM](http://en.wikipedia.org/wiki/Pluggable_Authentication_Modules) @@ -73,6 +73,9 @@ period. The downside is that if the token is used against multiple hosts, and one of them leaks the secret to an adversary, all hosts are compromised. This is not the case with the first approach. +The particular data structure is outlined in the picture: +![](auth-data-structure.svg) + ## Module Operation Authentication file, containing nonce, encrypted shared secret, @@ -112,7 +115,7 @@ The only backend option existing is "ykneo:slot=1" or "ykneo:slot=2". Slot 2 is the default. Secret must be supplied when creating the file, and when modifying the file in the absense of the token. Password is used to construct the challenge. If not supplied empty string is used. -The pam module also used empty string when given "noaskpass" argument, +The pam module also uses empty string when given "noaskpass" argument, so this can be used for "one factor" authentication mode with token only. Payload is a string that can be optionally injected as the PAM authentication token after successful authentication; subsequent PAM @@ -136,8 +139,11 @@ PAM module has the following parameters: ## Getting the Source -Note that as of December 2013, this is a work in progress. You can -[clone](git://git.average.org/git/pam_pcsc_cr.git) or +Check the [project homepage](http://www.average.org/chal-resp-auth/). + +Pick the source tarball +[here](http://www.average.org/chal-resp-auth/pam_pcsc_cr-0.9.1.tar.xz), +or you can [clone](git://git.average.org/git/pam_pcsc_cr.git) or [browse](http://www.average.org/gitweb/?p=pam_pcsc_cr.git;a=summary) the git repo.