2FA/Multiple

Aus Doc-Wiki
Zur Navigation springen Zur Suche springen
Die druckbare Version wird nicht mehr unterstützt und kann Darstellungsfehler aufweisen. Bitte aktualisiere deine Browser-Lesezeichen und verwende stattdessen die Standard-Druckfunktion des Browsers.

Multiple Identities on Linux

When you are getting used to this seconds factor concept described in Shell#2FA you may wish to use it with other services too. At this point you have to decide if you:

  • have one single identity shared by several providers
  • have several identities = a different one for each service

Of course the latter is recommended. To store theses secret files I chose a separate directory in my $HOME: .my-secrets. Call it whatever you want.

Remove all ACLs except the required one. 

~$ fs sa -dir .my-secrets -acl web-home none
~$ fs sa -dir .my-secrets -acl ifi-login none
~$ fs sa -dir .my-secrets -acl spamassassin none
~$ fs sa -dir .my-secrets -acl mta none

At the end it should look like: 

~$ fs la .my-secrets/
Access list for .my-secrets/ is
Normal rights:
 system:administrators rlidwka
 username rlidwka
 username.system rl
 username@student.uni-goettingen.de rlidwka
 username@top.gwdg.de rlidwka

Copy (do not move) the already setup file for your universities userid and give it a "better" name: 

~$ cp  .ifi-login/.google_authenticator  .my-secrets/uni-userid

Create other identities by running google-authenticator. It seems this will always create the output file as $HOME/.google_authenticator. So we need to copy (or move) those newly created file to our folder: 

~$ google-authenticator
...
~$ cp  .google_authenticator  .my-secrets/user-at-other-provider

Repeat this step as often as you want :-)

To use one of those identities run 

~$ oathtool  --totp -b $(head -n 1 ~/.my-secrets/user-at-other-provider)
111187

You might use a separate terminal window and run this oneliner: 

~$ while true ; clear; date;  do for I in $(ls -A ~/.my-secrets/) ; do printf "%-24s" $I; oathtool  --totp -b $(head -n 1 ~/.my-secrets/$I);  done; sleep 2; done

This creates an automatically refreshed output like this: 

Di 21. Jun 09:02:10 CEST 2016
uni-userid              690091
user-at-other-provider  965901

You can put this uncomfortable long line into your ~/.bash_aliases 

~$ cat  .bash_aliases

#
# Show all Time Based OTP defined in ~/.my-secrets/*
#
function mytotp ()
{
	while :
	do
		clear
		date
		for I in $(ls -A ~/.my-secrets/) 
		do 
			printf "%-24s" $I; oathtool  --totp -b $(head -n 1 ~/.my-secrets/$I)
		done
		sleep 2

	done

}

This file is automatically evaluated ("sourced") during login. To activate it without the need to logout/login you can do so by 

~$ . .bash_aliases


See also

Links

Abgerufen von „https://doc.informatik.uni-goettingen.de/wiki/index.php?title=2FA/Multiple&oldid=980