On Fri, 14.05.2021 at 16:05 +0100, Darac Marjal wrote:
>
> On 14/05/2021 15:29, Marek Mosiewicz wrote:
> > Hello,
> >
> > I am thinking of the idea of having an additional PAM module which
> > passes login after receiving and validating a signed email (for some
> > scenarios it could even require emails from many persons). Signing
> > emails can be done easily in a secure way and it could also be good
> > for auditing.
>
> My first thought was "Doesn't PAM have some sort of timeout?" but it
> looks like it doesn't. If you have users who can bear to potentially
> wait a matter of days before knowing whether they're permitted to
> access a system, then I guess this could work. It sounds a little
> Heath-Robinson, but maybe you can argue the case for an ultra-secure
> host where every login must come to the immediate attention of one or
> more humans.
It is already used in some places that you need to commit your login
via an app like PingOn. This method however just makes an HTTP answer and
authorizes you via fingerprint. Signed content would be better.
If you trust your bot, it could also instruct it to send the email.
>
> Hmm. Thinking about it a little more, you might need to consider some
> points about reliability:
>
Signing an email from your email client is easy. Alternatively you can
write some script which will just put a signed email in the server's
local mailbox, which is, I think, a good enough delivery channel, or at
least you know if it happens.
> * If PAM sends an email, it can REQUEST delivery and read receipts, but
> those are optional features of email. There's no guarantee that the
> email will arrive at the destination.
>
> * Similarly, PAM has no way to guarantee that the signer's reply will
> arrive.
>
> Now, you might be able to say "Well, we use GMail/HotMail/NeverFails
> which is 100% online" or "We always send to X signers and need a
> quorum of at least Y of them - which handles the situation when Kevin
> is on holiday in the Bahamas for three weeks", but you might want to
> at least CONSIDER sending follow up emails (not too often, though. One
> or two days between them perhaps?) so that you don't end up waiting
> for a reply that will never come.
>
That is possibly a rare scenario, but some people could appreciate
that there is no mess if somebody logs in to a bank server. It could
also be good if somebody else knows that someone else logged in.
> >
> > Cheers,
> > Marek Mosiewicz
> >
>
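The verification core that the thread sketches (a login request approved by signed replies, with an X-of-Y quorum and a timeout so the module does not wait forever for Kevin) as an added example; this is illustrative code, not code from either poster and not part of any PAM module. It assumes each approver holds an Ed25519 key whose public half is known to the host, that the host mails out a per-attempt nonce, and that replies carry a signature over a canonical encoding of host, user, nonce and issue time; the signer names, host name and the `Request`/`Approval` types are hypothetical. Mail transport itself is left out, since the point is what must be checked once a reply does arrive.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Request is what the hypothetical PAM module would mail to the signers.
// The random nonce ties each approval to exactly one login attempt, so a
// signed "yes" captured once cannot be replayed for a later attempt.
type Request struct {
	Host     string
	User     string
	Nonce    string
	IssuedAt time.Time
}

// Approval is one signer's reply: who signed and an Ed25519 signature over
// the canonical request bytes.
type Approval struct {
	SignerID  string
	Signature []byte
}

// NewRequest builds a request with a fresh 128-bit nonce.
func NewRequest(host, user string, now time.Time) (Request, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return Request{}, err
	}
	return Request{Host: host, User: user, Nonce: hex.EncodeToString(buf), IssuedAt: now.UTC()}, nil
}

// Canonical returns the exact bytes that get signed. A fixed purpose string
// and NUL separators keep a signature from being reinterpreted for another
// host, user or attempt.
func (r Request) Canonical() []byte {
	return []byte(fmt.Sprintf("login-approval\x00%s\x00%s\x00%s\x00%d",
		r.Host, r.User, r.Nonce, r.IssuedAt.Unix()))
}

// Approve is what a signer's mail client or script would do with the request.
func Approve(r Request, signerID string, priv ed25519.PrivateKey) Approval {
	return Approval{SignerID: signerID, Signature: ed25519.Sign(priv, r.Canonical())}
}

// Verify decides whether the login may proceed: the request must be no older
// than maxAge (the "reply that will never come" problem), and at least quorum
// DISTINCT known signers must have produced valid signatures. Unknown signers,
// bad signatures and a second approval from the same signer are skipped, not
// counted.
func Verify(r Request, approvals []Approval, signers map[string]ed25519.PublicKey,
	quorum int, now time.Time, maxAge time.Duration) (bool, error) {
	if quorum < 1 {
		return false, errors.New("quorum must be at least 1")
	}
	if now.Sub(r.IssuedAt) > maxAge {
		return false, errors.New("request expired")
	}
	msg := r.Canonical()
	seen := map[string]bool{}
	for _, a := range approvals {
		pub, known := signers[a.SignerID]
		if !known || seen[a.SignerID] {
			continue
		}
		if ed25519.Verify(pub, msg, a.Signature) {
			seen[a.SignerID] = true
		}
	}
	if len(seen) < quorum {
		return false, fmt.Errorf("only %d of %d required approvals", len(seen), quorum)
	}
	return true, nil
}

func main() {
	// Constructed demo: three approvers, quorum of two, 48-hour window.
	pubs := map[string]ed25519.PublicKey{}
	privs := map[string]ed25519.PrivateKey{}
	for _, id := range []string{"alice", "bob", "kevin"} {
		pub, priv, _ := ed25519.GenerateKey(nil)
		pubs[id], privs[id] = pub, priv
	}
	now := time.Now()
	req, _ := NewRequest("host.example", "marek", now)
	got := []Approval{Approve(req, "alice", privs["alice"]), Approve(req, "bob", privs["bob"])}
	ok, err := Verify(req, got, pubs, 2, now.Add(time.Hour), 48*time.Hour)
	fmt.Println("2 of 3 approved within 48h:", ok, err)
	ok, err = Verify(req, got, pubs, 2, now.Add(72*time.Hour), 48*time.Hour)
	fmt.Println("same approvals read 72h later:", ok, err)
}
```

The nonce and the issue time inside the signed bytes are what make the timeout meaningful: an old approval cannot be re-presented for a new attempt, and a stale request is refused even if every signer eventually answers.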