Re: Two factor authentication role with password and USB Device for PostgreSQL server

On 16 August 2015 at 20:06, Nima Azizzadeh <n(dot)azizzadeh(at)gmail(dot)com> wrote:
> I'm going to setup 2 factor authentication for my database server. I'm using
> PostgreSQL 9.4 DBMS on Ubuntu 14.10. I need to force two authentication
> methods for my database server. The authentication can use password and USB
> device methods. I already installed pamusb pakages :
>
> sudo apt-get install pamusb-tools libpam-usb
>
> Although I can add devices on my pamusb config file :
>
> pamusb-conf --add-device MyDevice
>
> I should define pamusb users and authentication methods. I added this lines
> to pamusb config between <users> tags :
>
> <user id="postgres"> <device>MyDevice</device> </user>
>
> I also create new pam module in \etc\pam.d directory with the name "mypam" :
>
> auth required pam_usb.so
> auth include password-auth
> account include password-auth
>
> and I edited Postgresql pg_hba.conf file:
>
> local all all pam mypam
> host all all 127.0.0.1/32 pam mypam
> host all all ::1/128 pam mypam
>
> but it doesn't work, can you please help me on this?

Note that this is a follow-up on these Stack Overflow questions, which
received no response at the time they were posted:

http://askubuntu.com/questions/634796/two-factor-authentication-with-password-and-usb-device-for-postgresql-server

http://stackoverflow.com/questions/31984222/create-a-login-role-for-postgres-using-pam-madule

I haven't done much with PAM-USB and PAM integration, so I don't think
I can offer much help, at least not quickly.

--
Craig Ringer http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Training & Services