01 September 2014

OpenVPN with OTP one time password by google authenticator working all the time part 3


4. Install google authenticator PAM module 

We need to install the pam-devel package to build the Google Authenticator PAM module.

# yum install pam-devel

Go to http://code.google.com/p/google-authenticator/ to download the libpam-google-authenticator source code.

# wget http://google-authenticator.googlecode.com/files/libpam-google-authenticator-1.0-source.tar.bz2

# tar xvf libpam-google-authenticator-1.0-source.tar.bz2

# cd libpam-google-authenticator-1.0

# make install
cp pam_google_authenticator.so /lib64/security
cp google-authenticator /usr/local/bin

After a successful build, we now have 2 new files :

/lib64/security/pam_google_authenticator.so : the PAM module that performs the authentication.

/usr/local/bin/google-authenticator : the executable that generates the QR code.

To display the QR code in the console terminal, we need to install the qrencode package :

# yum install qrencode

On the VPN server, create a new user (alice) and set a password for her, for example 123456 :

# useradd alice
# passwd alice 

Switch to her account :

# su - alice

Run google-authenticator as alice :

$ google-authenticator

The terminal will display the QR code for alice like this :

[Image: google authenticator QR code]

Answer y to the remaining questions.

Take a screenshot of the QR code and email it to her.

Alice will need the google-authenticator app ( https://itunes.apple.com/en/app/google-authenticator/id388497605?mt=8 ) to scan the QR code; the app will then generate a one time password for her every minute.
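As an added example (not part of the original post or of the google-authenticator project): google-authenticator saves alice's secret and options in ~/.google_authenticator, and this Python code parses a constructed copy of that file and computes the code her app should show, so the enrollment can be checked on the server. The sample secret (the RFC 6238 test key), the scratch codes and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

# Constructed sample of a ~/.google_authenticator state file (not a real secret).
# The secret is the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_STATE = '''GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" WINDOW_SIZE 17
" DISALLOW_REUSE
" TOTP_AUTH
11111111
22222222
'''

def parse_state(text):
    """Split the state file into (secret, options, scratch_codes)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    if not lines:
        raise ValueError("empty state file")
    secret, options, scratch = lines[0], {}, []
    for line in lines[1:]:
        if line.startswith('"'):            # option lines start with a double quote
            name, _, value = line[1:].strip().partition(" ")
            options[name] = value
        else:                               # remaining lines are one-use scratch codes
            scratch.append(line)
    return secret, options, scratch

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 (30-second step is the RFC default)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                 # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def accepts(secret_b32, submitted, now, window=1):
    """True if the code matches the current time step or a neighbouring one."""
    return any(hmac.compare_digest(totp(secret_b32, now + 30 * d), submitted)
               for d in range(-window, window + 1))

if __name__ == "__main__":
    import time
    secret, options, scratch = parse_state(SAMPLE_STATE)
    print("options:", options, "| scratch codes:", len(scratch))
    print("code now:", totp(secret, time.time()))
```

If the code printed on the server and the code in the app differ, compare the two clocks first: the derivation depends only on the shared secret and the current time.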
