[pve-devel] Two-Factor Authentication
Eric Blevins
ericlb100 at gmail.com
Thu Jun 19 16:34:32 CEST 2014
A malicious attacker gained access to codespaces.com Amazon EC2 control
panel and deleted nearly all of their data, snapshots and backups included.
They are now out of business.
This could have been prevented had they chosen to use two-factor
authentication on their Amazon EC2 accounts.
Proxmox should implement two-factor authentication so it can offer
protections from stolen credentials.
Personally I would like to see support for Yubikeys since I already use
them.
The libauth-yubikey-webclient-perl package provides a rather simple way to
validate the One time Passwords generated by yubikeys.
Very basic validation of the OTP:
#!/bin/perl
$api_id = "Obtain";
$api_key = "From Yubico https://upgrade.yubico.com/getapikey/";
$otp = $ARGV[0];
use Auth::Yubikey_WebClient;
if ($otp) {
my $yubi = Auth::Yubikey_WebClient->new({
id => $api_id,
api => $api_key
});
$result = $yubi->otp($otp);
if ( $result eq "OK" ) {
print "OK\n";
} else {
print "BAD\n";
$yubi->debug();
}
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.proxmox.com/pipermail/pve-devel/attachments/20140619/5bb46d74/attachment.htm>
More information about the pve-devel
mailing list