Re: [Maria-developers] (MDEV-3949) OTP authenticator plugins
hi sergei! sorry about wrong place, i'm new in mariadb and i bit lost, since i changed from mysql development and error correction to mysql user and now mariadb user i will add my email to list and start asking there about s/key, shure! if you could send and maybe put in mariadb by default could be very nice! i'm using some windows and some linux server, in this case i can't use only pam.d, and some linux servers don't give me a unix user to use it :/ that's why i'm trying to find a OTP solution to mariadb, and if not try to develop one (when i have time) well if you could send your solution we could develop some more ideas for sure, i'will not use it to make money, just to secure my self 2012/12/19 <serg@montyprogram.com>
ou ask a question - do it on the mailing list. Jira is for bug reports and feature requests.
-- Roberto Spadim Spadim Technology / SPAEmpresarial
Hi, Roberto! On Dec 19, Roberto Spadim wrote:
hi sergei! sorry about wrong place, i'm new in mariadb and i bit lost, since i changed from mysql development and error correction to mysql user and now mariadb user i will add my email to list and start asking there
about s/key, shure! if you could send and maybe put in mariadb by default could be very nice! i'm using some windows and some linux server, in this case i can't use only pam.d, and some linux servers don't give me a unix user to use it :/ that's why i'm trying to find a OTP solution to mariadb, and if not try to develop one (when i have time)
Unfortunately, I couldn't find the complete plugins sources :( I wrote this plugin for a conference, about two years ago, and now all what's left of it, is the main plugin function: static int skey_auth(MYSQL_PLUGIN_VIO *vio, MYSQL_SERVER_AUTH_INFO *info) { unsigned char *pkt; int pkt_len; struct skey mp; char buf[SKEY_MAX_CHALLENGE+3]; buf[0] = ECHO_ON; if (skeychallenge(&mp, info->user_name, buf+1, SKEY_MAX_CHALLENGE) < 0) return CR_ERROR; strcat(buf, ":"); if (vio->write_packet(vio, buf, strlen(buf))) return CR_ERROR; if ((pkt_len= vio->read_packet(vio, &pkt)) < 0) return CR_ERROR; info->password_used = 1; return skeyverify(&mp, pkt) ? CR_ERROR : CR_OK; } But this is, basically, all. One only needs to add the standard plugin declaration structure (which wasn't on the slides for brevity). And link the plugin with the libskey. For a more convenient solution, you might want to link with it statically (and, perhaps, change a hard-coded location for a /etc/skeykeys file).
well if you could send your solution we could develop some more ideas for sure, i'will not use it to make money, just to secure my self
Regards, Sergei
participants (2)
-
Roberto Spadim
-
Sergei Golubchik